It is always been a good idea to be security concious and virus aware on the internet but for me once i’d installed an anti virus program on my pc that was me sorted, well that’s what I thought anyway! Silly me!
I have recently had all 4 of my websites hacked at the same time on my server by a malicious code that plants a Trojan virus in all the files of all my sites.
I paid a company to clean them all up for me which they did and they advised me on getting some more protection. I didn’t get the protection straight away and in the next couple of days my sites were hacked AGAIN, nightmare!
I wont bore you with all the details part so far as to say I am now putting protection in place so it does not happen again.
I want to share an article that David Libovitzi wrote about WordPress security and a short video that explains it further.
Please don’t delay if you have no protection in place as it is time consuming and a pain in the butt to sort out!
Here’s David’s article…
You might think that installing a few WordPress security plugins does the entire job of protecting your site. Security plugins can help make your site safer (i.e. database backups, login lockouts). Most people don’t realize that there’s much more involved in order to protect a WordPress blog.
WordPress is an application powered by PHP and MySQL. Many high-traffic websites use MySQL and PHP for large-volume data storage. If you are a WordPress user, anytime you create a post or page, the information gets stored on your database. Even though there are WordPress plugins out there that can help backup your database in case of disaster, you always want to take all necessary precautions to prevent your site from being hacked.
WordPress developers release a security update when a known vulnerability needs to be addressed, but it’s impossible to seal every loophole. In the world of cyber crime, someone will always find a way around it — it’s inevitable. Even with the addition of plugins being installed to “beef up” your security, your WordPress site is still at risk. You can, for example, protect your site from brute force password attacks for your WP admin area. However, this does not protect your database nor does it prevent unwanted visitors from entering your server via FTP. Remember, when it comes to securing your WordPress site, you have to make sure you cover all angles.
Every time a user installs WordPress, it will always install the default folders and directories. Since many people don’t bother configuring the back-end, they don’t realize that they end up leaving the doors wide open, making them vulnerable for a malicious attack.
With that said, it’s important to make sure that you secure all areas of your website, including your server, database, logins, comments, files/directories, and wp-admin. If you’re looking for help in securing your blog or website or would like a WordPress security audit, let us know. Just remember, installing a few security plugins is only half the battle.
Learn how to start securing your WordPress site now and visit our website here >>
Be sure to stop by and sign up for our WordPress Security newsletter and you’ll receive your free e-book, “7 Plugins for WordPress Security.”
Article source: David Libovitzi, http://www.wpsecuritylock.com/
Related posts:
