WordPress and Security
WordPress is great open source software for blogging as well as for setting up websites.
The dark side of being open source is that it is a constant target.
Bots and spammers can use your WordPress site to try to boost their SEO for whatever snake oil they are selling. These are the majority of what I’ve run into. A compromised site can also make a user’s computer download malware, which makes navigating your own site unsafe for your user base. I predict this will be more the case going forward.
There are several steps you can take to reduce the risk of the bad guys breaking into your site.
The simplest thing to do is to keep up to date with the latest releases of the WordPress core, the plugins you have installed, and the themes. If you aren’t using certain plugins or themes, put them out to pasture (remove them) so that they don’t become the gangrenous infections of your site. Those little numbers that appear at the top of your WordPress blog are annoying, but they are important. I understand that plugin / theme updates can sometimes cause issues, but an infection is worse, believe me.
Secondly, check that your users’ usernames and passwords are fairly complex. Don’t use the admin user. Don’t use password as a password, or the name of your company. When you set up a user’s nickname, choose something different from the username. Remember, if they get your username they have half of the key to getting into the account. Most modern browsers can remember your passwords for you, so create something cryptic and random; go for 10 digits or more, or go crazy and use the thisismysitenotyoursiteiloveit type password, not your puppy’s name.
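The account rules above can be checked mechanically. This is an added example, not code from the original post: the function names, the sample accounts and the company name "Acme Widgets" are constructed for illustration. WordPress stores only password hashes, so a check like this runs at the moment a password is chosen, not against existing accounts.

```python
import secrets
import string

MIN_LENGTH = 10  # the post's "10 or more" rule


def audit_account(login, nickname, password, company):
    """Return the rules from the paragraph above that this account breaks."""
    problems = []
    if login.lower() == "admin":
        problems.append("login is 'admin'")
    # The nickname is shown publicly, so it must not reveal the login name.
    if nickname.strip().lower() == login.lower():
        problems.append("nickname equals login")
    pw = password.lower().replace(" ", "")
    if pw == "password":
        problems.append("password is 'password'")
    # Slightly stricter than the post: also flags the company name inside a longer password.
    if company and company.lower().replace(" ", "") in pw:
        problems.append("password contains company name")
    if len(password) < MIN_LENGTH:
        problems.append("password shorter than 10")
    return problems


def random_password(length=20):
    """Cryptic and random, generated with the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed sample accounts: (login, nickname, proposed password)
ACCOUNTS = [
    ("admin", "admin", "password"),
    ("jsmith", "Jay", "AcmeWidgets2024"),
    ("editor7", "Newsroom", "lantern-orbit-quilt-42"),
]


def audit_all(accounts, company="Acme Widgets"):
    return {login: audit_account(login, nick, pw, company)
            for login, nick, pw in accounts}


if __name__ == "__main__":
    for login, problems in audit_all(ACCOUNTS).items():
        print(login, "->", problems or "ok")
    print("suggested password:", random_password())
```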
I recommend setting up an SSL certificate. It’s not necessary, but it will really protect your packets from getting sniffed when you are on a public wifi connection, drinking your coffee and updating your blog. (Yep, it’s pretty awesome; give the mobile app a try: https://wordpress.org/mobile/)
There are also great free plugins like iThemes WordPress Security and Wordfence that will make sure that your site isn’t getting brute-force attacked. They will also make suggestions on parts of your site that can be updated to protect it from being hacked. Just be sure to whitelist your IP so that you don’t get locked out if you forget to have your browser save your new secure password.
These are just a few simple steps that can help to protect your site.