Protecting your WordPress Administration


There has been a recent spate of attacks on the WordPress platform. The attacks appear to be a campaign to spread malware through thousands of legitimate sites. They redirect users to malicious sites, known as scareware sites, which claim to have identified an infection.
If you are using WordPress, here are some handy hints and tips for securing your site.

Create a Strong Password

This may seem like an obvious piece of advice, but investigations into the WordPress attacks by WPSecurityLock found that:

“…99 percent of the sites that we have seen and fixed had very weak passwords to both their FTP and their hosting accounts” [Regina Smola, co-founder of WPSecurityLock]

Avoid Using “admin” as a Username

This is the default user that is created when WordPress is first installed. Several methods of exploiting this user have been developed over time. A new username and password should be created with all the administrative privileges. The admin username should be deleted straight after.

Create Custom Login Links

Anyone who has used WordPress before knows the default login address of www.yourdomain.com/wp-admin.php, especially hackers. Malicious bots can also gain access to your files with this default information. Custom login addresses can be created to prevent unauthorised people from reaching the login screen.

Limiting Login Attempts

A login limiter prevents hackers and scripts from guessing your password by trying several possible variations. With a login limiter, you can set how many login attempts are allowed before ‘locking out’ an IP address.
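The lockout behaviour described above, modelled as a small Python class so the effect of each setting can be seen. This is an added example, not code from WordPress or from any particular plugin; the class name, thresholds and sample IP addresses are constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Lock an IP for `lockout` seconds after `max_attempts` failures within `window` seconds."""

    def __init__(self, max_attempts=5, window=300, lockout=900):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            # Lockout has expired: forget it and start counting afresh.
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return until is not None

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"      # rejected before the password is considered
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()     # drop failures that fell outside the window
        if len(recent) >= self.max_attempts:
            self.locked_until[ip] = now + self.lockout
        return "failed"

def replay(events, **settings):
    """Run constructed (time, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter(**settings)
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

# Constructed sample: 203.0.113.7 guesses repeatedly, 198.51.100.20 mistypes once.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (2, "203.0.113.7", False), (4, "203.0.113.7", False),
    (5, "198.51.100.20", False), (6, "203.0.113.7", True), (9, "198.51.100.20", True),
    (200, "203.0.113.7", True),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, max_attempts=3, window=60, lockout=120))
```

Once an address is locked out, even a correct password from that address is refused until the lockout ends, while a user at another address who mistypes once is unaffected.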

Limiting IP Address Access

If you always log in to your WordPress administration panel from a single location, like your office, then it is wise to limit the IP access. This basically means only your office computer (and the others you choose) can access the administration panel. This will deny you access should you try to gain access using another computer.

WordPress Virus Protection and Firewalls

There are plugins that can be activated to protect against malicious code such as bot injections and other malicious exploits. Many of the good options provide email alerts with information on suspicious activity.

Update to the Latest WordPress Version

This is a must for anyone who uses WordPress! After each version update, WordPress publishes the weaknesses and bugs that were found in the previous version.

If you would like more information on WordPress and protecting your WordPress site, please feel free to contact us today for a no-obligation chat.
