The Internet is unsafe, by definition. Cryptanalysis and cryptography have always gone hand in hand: for every system vulnerability there is a possible unpleasant intrusion by a spammer, hacker, or cracker. They can study and take possession of such a system in order to use it according to their needs. This penetration can lead to incalculable damage, compromising our data and violating our privacy.
Today, we are going to take a closer look at the security of one of the most widely used CMSs (Content Management Systems) in the world: WordPress.
Risks and security of WordPress
As already stated, WordPress is an important content management system, which is regularly updated and developed. It allows the use of templates (collections of files intended to modify the graphical interface of a website and not the core functionality) and plugins (external components that can be integrated into WordPress to extend its functionality) in order to make any customization of a website possible.
As with all things, there is another side of the coin. All of these parts of the website must be kept up to date; otherwise vulnerabilities may arise that are fatal to the security of the WordPress site.
The CMS must be updated as soon as possible. In most cases, the latest versions contain security improvements or fixes, while the oldest ones may have vulnerabilities.
Limit access: minimize the risk of creating vulnerabilities
Containment: reduce as much as possible the damage that a possible intrusion could cause if the website's security is compromised
Regular monitoring: back up everything periodically and monitor the website continuously
Reliability: it is highly recommended not to download or purchase templates from untrusted sources
WordPress plugin security
As with the other parts, WordPress plugins have to be kept up to date regularly. Moreover, it is recommended to use only the plugins that are strictly necessary for your website. The others shouldn't just be deactivated, but deleted completely.
Unnecessary plugins must be DELETED, not only deactivated!
It is important to install plugins that act as a firewall for the website. There are many plugins with this functionality, some of which are really useful.
The choice of password is really important. We are asked to enter a password to access the WordPress back office, the files over FTP, or the various control panels of the website.
First of all, it is better for these passwords to be different from one another, even though any possible intrusion allows the intruder to carry out almost any operation he has in mind.
When you choose a password, you have to keep the following conditions in mind in order to prevent Brute Force Search attacks:
Name, username, company, website etc.
e.g. Name: Frank, Password: frank123
e.g. Username: francis, Password: 4francissss
Dictionary words, of any language
Passwords containing only numbers and letters
e.g. 123456 or homepage
In order to have a secure password, it is essential to use a combination of numbers, letters (lowercase and uppercase) and special characters, with a minimum length of 8 characters:
Secure password examples:
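The password rules listed above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function name `password_problems`, the `personal_terms` parameter and the tiny word list are assumptions made for illustration.

```python
import re

# Constructed mini word list (assumption); a real check would load a full
# multi-language dictionary or a list of known leaked passwords.
SAMPLE_WORDS = {"homepage", "password", "welcome", "sicurezza", "passwort"}
MIN_LENGTH = 8  # minimum length given in the article


def password_problems(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return the article's rules that `password` breaks (empty list = OK)."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")

    # Rule: no name, username, company or website inside the password.
    for term in personal_terms:
        term = term.lower().strip()
        if len(term) >= 3 and term in lowered:
            problems.append(f"contains personal term '{term}'")

    # Rule: no dictionary words. Digits and symbols are stripped first so
    # that decorated words such as "homepage1!" are still caught.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in words:
        problems.append("is a dictionary word")

    # Rule: letters and digits alone are not enough; all four classes needed.
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "digit": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    return problems


if __name__ == "__main__":
    # The weak examples from the article, plus one constructed strong value.
    for candidate in ("frank123", "4francissss", "123456", "homepage", "tR7#qv!2Lp"):
        print(candidate, "->", password_problems(candidate, ["Frank", "francis"]) or "OK")
```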
It is very important to avoid usernames like: admin, webmaster, Name or website, because they are the most attacked. Using a difficult username (combined with a very strong password) would make the hacker's job very hard and, at least, this point of entry would be safe.
Moreover, it is recommended to rename the table prefix of the database. The default prefix is "wp_" and hackers take it for granted. Therefore, changing it to something different ("abc_" is fine, but "z6d3p92md93u_" is better) would avoid SQL injection attacks that rely on the default prefix.
These are just some aspects of WordPress security; there are many more. The topic of security is very broad and in continuous evolution. Therefore, it is really important to stay regularly informed about new malware and about methods to stop it.
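The two settings described above, predictable usernames and the default table prefix, can be audited from a copy of `wp-config.php` and a list of account names. This Python sketch is an added example, not part of the original article; the function names, the `owner_terms` parameter and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_PREFIX = "wp_"
# Usernames the article names as the most attacked.
COMMON_USERNAMES = {"admin", "webmaster"}

# Constructed sample configuration, not taken from a real site.
SAMPLE_CONFIG = """<?php
// $table_prefix = 'old_';
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
"""


def read_table_prefix(wp_config_text):
    """Return the live value of $table_prefix, or None if it is not set."""
    # Remove /* ... */ blocks and whole-line // or # comments so that a
    # commented-out assignment is not mistaken for the active one.
    text = re.sub(r"/\*.*?\*/", "", wp_config_text, flags=re.S)
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)
    match = re.search(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", text)
    return match.group(2) if match else None


def audit(wp_config_text, usernames, owner_terms=()):
    """List findings for the table prefix and for predictable usernames."""
    findings = []
    prefix = read_table_prefix(wp_config_text)
    if prefix is None:
        findings.append("table prefix not found")
    elif prefix == DEFAULT_PREFIX:
        findings.append("default table prefix 'wp_' in use")
    elif not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append(f"prefix '{prefix}' contains unsupported characters")

    # owner_terms: the owner's name and the website name (per the article).
    risky = COMMON_USERNAMES | {term.lower() for term in owner_terms}
    for user in usernames:
        if user.lower() in risky:
            findings.append(f"predictable username '{user}'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["admin", "k9_editor"], ["Frank"]):
        print(finding)
```

On an existing site, changing `$table_prefix` alone is not enough: the tables themselves, and the prefix-bearing keys in the options and usermeta tables, have to be renamed to match.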