This month I saw a hacked website with over 420 hacked files. Some were inserted into the website's hosting area, and some were just modified website files. These usually have an MD5 checksum (MD5 stands for Message Digest algorithm 5). Hacked files use this as a long string of letters and numbers that sort of self-expands and gives out malicious commands. These code commands can live inside this long string of MD5-generated numbers, waiting for another file to read the code and then act on it.
I see this a lot in WordPress, and there are rogue servers online “pinging” websites, trying to find sites with exploits where they can insert their code. This is why so many people say “update your plugins”. As coded items like plugin scripts age, new exploits are found all the time. Good developers write patches and fix holes in the code as they find them.
Here is a simple list of things you want your WordPress website to have.
Backup, Backup, Backup your site… Make sure your site is backed up daily. A common misconception is that your web host is backing up your site. 10 years ago, this was the case. Now backups are an added feature you have to add to your hosting plan. GoDaddy, for example, has a 2.00/month add-on that backs up your site and gives you access to the history restore tool. I talk to people all the time who think their host is backing up the site. Then, if the site goes down, they call the host and find out this is not the case.
Don’t back up using a plugin that stores a package inside your website install. Backup Buddy, for example, creates a backup (site files and database) and stores the zip file on your hosting account. If a hack gets to the package, they have access to your database. All your user account info happens to be sitting in there.
I like an off-site solution like Blogvault. It backs the site up remotely every 24 hours, and keeps a history you can one-click restore from: blogvault.net
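A read-only check for the two things described above, as an added example that is not part of the original post: backup packages sitting inside the website install, and PHP files carrying the long strings of letters and numbers seen in hacked files. The extension list, the 200-character threshold and the sample file names are assumptions.

```python
import os
import re
import tempfile

# Extensions backup plugins commonly leave behind (assumed list; adjust for your site).
ARCHIVE_EXTS = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".sql.gz", ".bak")
# One unbroken run of 200+ letters/digits in a PHP file (threshold is an assumption).
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")


def audit_webroot(root):
    """Return (archives, blob_files): paths relative to root, sorted."""
    archives, blob_files = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lower = name.lower()
            if lower.endswith(ARCHIVE_EXTS):
                archives.append(rel)  # backup package reachable inside the install
            elif lower.endswith((".php", ".phtml")):
                try:
                    with open(path, "rb") as fh:
                        if LONG_BLOB.search(fh.read()):
                            blob_files.append(rel)  # worth a manual look
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
    return sorted(archives), sorted(blob_files)


def build_sample_site(root):
    """Write a small constructed WordPress-like tree for the demo."""
    samples = {
        "wp-config.php": b"<?php\n// clean config placeholder\n",
        "wp-content/uploads/backups/site-backup.zip": b"PK constructed placeholder",
        "wp-content/uploads/db-dump.sql": b"-- constructed placeholder dump\n",
        "wp-content/plugins/sample/cache.php": b"<?php $d = '" + b"QUJD" * 100 + b"';\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    demo = tempfile.mkdtemp()
    build_sample_site(demo)  # constructed sample; pass your own docroot to audit_webroot
    print(audit_webroot(demo))
```

Hits are leads for manual review, not verdicts: some legitimate plugins and themes also embed long encoded strings.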
Install a firewall. Make sure your website is running a firewall to help block malicious items from getting through to your site. Most quality web hosts have good firewalls installed, but if you're on a cheaper shared web host like Hostgator, that thing is not going to save you.
There are a lot of good firewall plugins.
WP Ninja Firewall does a good job blocking hack attempts. The setup is a little tougher, but the results are worth it. https://wordpress.org/plugins/ninjafirewall/
All in one security is also a great little plugin. It's a great all-around, easy-to-set-up firewall. https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
Security and scanner tool. Wordfence is a good all-round scanner. It will help limit login attempts on your site, and the scan tool will scan your website for malicious code and send you a simple email report.
Wordfence https://wordpress.org/plugins/wordfence/
The other one I like is Shield WordPress Security. Not as well known, but I think it's a little more user-friendly. https://wordpress.org/plugins/wp-simple-firewall/
There are a lot of factors that play into your website's security. It’s not just a “keep your plugins updated” mentality. You need a web person who will look at and build your website from the bottom up: a quality hosting platform, solid theme code, and plugins from quality developers. Then you can add in the firewalls and backup plugins. My email is always open.