At Uptown Studios, we love building websites on WordPress, with all of it’s flexibility and ability to grow and scale to any size – WordPress can handle almost anything you throw at it. Websites powered by WordPress only become insecure if they are allowed to be so, which means it’s critical to make sure you have a team in place to manage your site and it’s security – enter Uptown Studios website security blanket.
One of the greatest strengths that WordPress has is its Open Sourced community. Whenever there is a vulnerability found in the WordPress core or its plugins, it is reported to the WordPress team and an update is released. As long as all plugins and the core are kept up to date then your site will be secure from known vulnerabilities. When Uptown Studios is in charge of your web maintenance we check your site monthly for any of these security issues and vulnerabilities and fix any issues that show up.
There is always the chance of unknown vulnerabilities – on any platform, but you can also prepare your website to handle these issues. Your site can be kept secure from hackers and bots with the right security measures when managed by a knowledgable team. Below is a quick rundown of how we keep our websites safe for our clients:
ENTER TECHNICAL TALK – IT MIGHT BE EASIER TO CALL UPTOWN STUDIOS AND HAVE US CHECK YOUR SITE!
- Local Brute Force protection and IP blacklist to keep track of offending computers. The IP address is added to the “Ban User” blacklist after reaching a specified number of lockouts. This helps automatically get rid of bots and hackers who try to break in.
- 404 Detection looks at a user who is hitting a large number of non-existent pages and getting a large number of 404 errors. 404 detection assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and locks them out accordingly.
- HackRepair.com‘s blacklist feature, which is an excellent blacklist developed by Jim Walker of HackRepair.com.
- Network Brute Force Protection takes brute force protection a step further by banning users who have tried to break into other sites from breaking into yours. The network protection will automatically report the IP addresses of failed login attempts to online blacklist sites and will block them for a length of time necessary to protect your site based on the number of other sites that have seen a similar attack.
- Change the “admin” username, and immediately ban a host who attempts to login using the username “admin,” since this is the most common username of WordPress sites. By removing the admin username it we make it at least 50% harder for hackers and bots to bash in by spamming the login page using that username. Then when someone does try to use it, they get immediately banned from logging in again for a short period.
- File Change Detection since even the best security solutions can fail. How do you know if someone gets into your site? You will know because they will change something. File Change detection will tell you what files have changed in your WordPress installation alerting you to changes not made by yourself.
- Hide Login Area by changing the URL used to login (wp-login.php, wp-admin, admin and login), making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform.
- Force Strong Passwords and require all users to update their passwords to a strong one upon their next login.
- System Tweaks allow you to protect system files from public access, disable directory browsing, remove file writing permissions on sensitive files, disable PHP execution in the Uploads directory, and more.
- WordPress Tweaks allow you to reduce comment spam, disable the built-in WP file editor, block multiple login attempts using XMLRPC.php, disable login error messages, force users to choose a unique nickname that is not their username, disable a users author page if their post count is zero, and more. These all address potential small vulnerabilities within WordPress that help minimize risk.
- Back Up! There is always the chance of something happening (whether a malicious attempt, innocent mistake, or server crash), so always have a backup! Make sure your website is running automatic backups of all site files and the database regularly, and you’ll always have something to quickly fall back on.
There are other higher-security steps and tools that can be used, but for the majority of users, the steps above will help lock your WordPress site down and worry less about hacking.
Need help locking down your WordPress website? Uptown Studios can help! Just send us an email at firstname.lastname@example.org or give us a call at (916) 446-1082 and we can assist you in making your WordPress website more secure.