WordPress Security

At Gympie Hosting, we love WordPress. It is one of the most popular and easy-to-use Content Management Systems (CMS) available. Unfortunately, this popularity makes it a target for hackers, so it is important to understand some basic WordPress security issues to minimise the risk of having your website hacked or compromised.

In recent times, we have seen a few sites compromised, and our investigations of these security breaches indicate that hackers obtaining access passwords account for the majority of site intrusions. Hackers can obtain passwords (cPanel and WordPress) through:

  • “bruteforce” software attacks that generate random password combinations until the password is found
  • viruses/malware installed on users' computers that send the stored passwords to hackers

In order to minimise the risk associated with passwords, we always manually create our cPanel accounts and manually install WordPress so that we can use our own very secure passwords. While this doesn’t stop passwords being stolen by malware on a site owner's computer, it virtually eliminates the ability of software to guess passwords.

We also use the Genesis framework for our WordPress installations (we never use free themes, as they can be poorly coded and can also contain code backdoors). Genesis is one of our solutions for WordPress security and optimisation. It is:

  • built on very clean and secure code
  • SEO optimized “out of the box”
  • limitlessly customisable in design with child themes
  • easy to configure with lots of widgets and plugins
  • very flexible and compatible with major browsers

Our WordPress security tips include:

  • change your cPanel password to be more secure (we use a random generator with 14 characters, upper and lowercase letters, numbers and punctuation marks)
  • manually create your database using a very secure password
  • manually install WordPress instead of using Fantastico or other installers
  • change the database table prefix used by the WordPress install from “wp” to anything else, e.g. “MYwp”
  • do not use “admin” for your WordPress admin login username
  • use a very secure password for your WordPress login
  • install the Genesis framework (remove unused themes)
  • install a good WordPress security plugin, e.g. WP Tune-up or BulletProof Security
  • minimise the number of plugins in your plugins folder (remove inactive plugins)
  • keep WordPress and installed plugins up to date
  • have a backup plan so that you can recover and restore your website. We make BackupBuddy (a premium paid plugin for which we have a developer licence) available to our WordPress hosting clients for this purpose.
  • install a good antivirus program on your PC and keep it up to date (Microsoft Security Essentials, free from Microsoft, is recommended if you don’t have AV software)
  • install and regularly run an anti-malware program, e.g. Antimalware (free) from www.malwarebytes.org
  • as an extra safeguard, run an online virus scan on your PC, e.g. HouseCall from Trend Micro (http://free.antivirus.com/)
  • never give your cPanel or WordPress password to anyone unless you know and trust them. Neither your host nor a genuine “Microsoft” employee will ever contact you asking for your password.
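
The password, table-prefix and username tips above can be checked mechanically. The following Python sketch is an added example, not Gympie Hosting's own tooling; the function names and the sample wp-config.php contents are constructed for illustration, and it assumes the stock WordPress default prefix of `wp_`.

```python
import re
import secrets
import string

# Policy from the tips above: 14 characters, upper and lowercase letters,
# numbers and punctuation marks.
MIN_LEN = 14
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)

# Constructed sample of a weak wp-config.php (not taken from any real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
define( 'DB_PASSWORD', 'password123' );
$table_prefix = 'wp_';
"""

def meets_policy(pw):
    """True if pw is long enough and uses every character class."""
    return len(pw) >= MIN_LEN and all(any(c in cls for c in pw) for cls in CLASSES)

def generate_password(length=MIN_LEN):
    """Generate a random password from a CSPRNG that satisfies the policy."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw):
            return pw

def audit_wp_config(text):
    """Return a list of findings for the text of a wp-config.php file."""
    findings = []
    m = re.search(r"\$table_prefix\s*=\s*(['\"])(.*?)\1\s*;", text)
    if m and m.group(2).lower() in ("wp_", "wp"):
        findings.append("table prefix is still the default")
    # Simple match: does not handle escaped quotes inside the password.
    m = re.search(r"define\(\s*(['\"])DB_PASSWORD\1\s*,\s*(['\"])(.*?)\2\s*\)", text)
    if m and not meets_policy(m.group(3)):
        findings.append("database password does not meet the password policy")
    return findings

def audit_usernames(usernames):
    """Return the login names that are the predictable 'admin' account."""
    return [u for u in usernames if u.lower() == "admin"]

if __name__ == "__main__":
    print(audit_wp_config(SAMPLE_CONFIG))
    print(audit_usernames(["admin", "site_editor"]))
```
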

Remember, we provide all this for our WordPress Premium Hosting clients.