A comprehensive guide to securing a WordPress website. We look at techniques and plugins that you can use to harden your website.
The .htaccess (short for “Hypertext Access”) file in your site’s directory is a configuration file you can use to override the settings on your web server. With the right commands, you can enable/disable extra functionality and features to protect your site from spammers, hackers and other threats.
Some of these features include basic redirects, locking outside access to particular files, or more advanced functions such as content password protection or preventing image hotlinking.
In this post, we’ll look at a few simple changes you can make to your .htaccess file to boost the security of your site.
At WPMU DEV we make extensive use of the Cloudflare CDN to improve our websites’ performance and security.
But these benefits are not just the domain of larger sites. Implementing Cloudflare on your site is quick, easy and can be done without making any changes to your WordPress site.
And it’s free.
Do you have a Disaster Recovery Plan for your WordPress site?
If you answered no, then you’re probably in good company, because not many sites do. Yet how well you’ve planned for disaster will determine how well and how quickly you recover from it.
Putting together a Disaster Recovery Plan is quick and relatively easy. And if disaster strikes it’ll save you so much time and angst that you’ll wonder why you ever thought you could live without one.
What Is A Disaster Recovery Plan?
It doesn’t take much for your digital life to be totally destroyed, as Wired’s Mat Honan discovered (check it out, it’s an eye-opening read).
Remembering usernames and passwords can be a real pain in the backside, so it’s no surprise most people use the same information across several accounts, such as email, social media and even banking. But if one account’s password is hacked and cracked, that security leak can put your other accounts in danger.
Security by obscurity is by no means a be-all, end-all solution for keeping nasty hackers at bay, but it should still play a part in your overall defence plan.
Obscurity as a security measure is the belief that a site can remain secure so long as nobody outside of its implementation is allowed to find out anything about its internal mechanisms.
In the final video in our WordPress Security Essentials series, we look at obscurity tactics and tried-and-true measures for backing up your site.
Preventing a hack attack is virtually impossible, so the pragmatic goal of any security strategy is to make any attack as difficult as possible.
If the attack can be slowed down sufficiently then the perpetrators will likely give up and move on to a new target.
In this installment of our WordPress Security Essentials video series, we take a look at layered security or layered defence: the combining of multiple security controls to protect your WordPress site’s critical files and data.
There are simple ways you can help avoid a hacking attempt on your site, such as keeping your version of WordPress up-to-date and using themes and plugins from reputable sources.
But what can you do to fight off brute force?
In the third video in our WordPress Security Essentials series, we look at practical ways to combat username and password cracking.
Brute force attacks are an everyday reality of the internet. But how do you defend against such attacks?
Well, there’s no real secret to strengthening your site against attacks, as our video will tell you.
Usernames and Passwords
This is Part 2 of our WordPress Security Essentials video series, and today it’s all about you.
It will walk you through the four points of vulnerability, responsible for almost every successful hack attack, and offer plenty of suggestions for what you can do to minimize them.
No rocket science. No complicated procedures. Just good ol’ plain common sense.
Almost every successful hack of a WordPress site exploits one or more of the four main points of vulnerability:
Host security breach
Out-of-date WordPress Core
Unsafe plugins and themes
Brute force attack
It’s not fun having your site hacked. Beefing up your site’s security can seem like a chore, but it’s far easier than dealing with the aftermath of malicious hackers taking down your site.
So how exactly do you secure your WordPress site?
We’ve put together a five-part video series we’re calling WordPress Security Essentials. The series covers everything you need to know, from theme and plugin safety to password best practice, database backups and layered security measures. We’ll be featuring each of the five videos on the WPMU DEV blog this week.