How to increase the safety of WordPress
Wordpress is the most popular blogging platform in the world, thanks to the spread of known website wordpress. WordPress is a software that can be hosted on shared hosting accounts, but also on dedicated solutions, depending on the type of traffic that has to manage.
A dedicated server is often the best solution in the case of blogs and websites created with WordPress that grind thousands of daily visits at this level the management of the generated pages becomes easier with the ability to optimize Apache and other components of the server system . In today’s talk, however, an equally important aspect, that of security: As with all software that has a great spread for WordPress security issues and attacks committed against the servers are increasingly urgent, especially for small blog owners and for the most important publications that use this platform.
In this article we will see a series of technical and not that improve the safety of WordPress in a shared and dedicated, by changing some settings and adding the appropriate plugin.
From what types of attacks to defend themselves
The attacks from which to defend in a different and WordPress are all of different nature, but not of the same severity. Let’s see the most common:
- Bruteforce login attempts : common technique that aims to log in on the WordPress platform to take possession of data and administration capabilities. It is not easy to create an attack, but now the possibility to use low-cost resources has increased the possibility that the brute force is the one chosen in order to gain access to our blog.
- SPAM in the comments : One of the most common attacks for blogs that do not use any protection technique, the bots enter thousands of comments in the post at a time without leaving the admin time to remove them and thus creating confusion and failures in the WordPress platform.
- Vulnerability old versions and plugins : to have installed an older version of WordPress can be the best way to be attacked, many of the bugs are now known and have many exploits available for use. Same for the recently updated plugins representing a possible security flaw with the passage of time.
- SQL injection : although reduced compared to the past, this attack method is the most dangerous. The entry form can provide access to sensitive information and may allow the modification of database information.
For these types of attacks there are specific solutions to be implemented through plugins or settings that allow you to decrease the likelihood that our WordPress is hit. Most often the attacks point to dozens of machines hosted by the same hosting provider and can lead to very automated binding systems.
Also useful to consider the protection techniques applied by their hosting providers, many providers now provide hosting solutions for CMS, thus making the safety easier for the simple fact that the servers are already set for this specific CMS.
Defending WordPress plugin with additional security
Over the years thousands of plugins have been developed to improve the security of WordPress, many of these were later abandoned or left without constant updates. It is therefore important to always consider a limited number of plugins that are current and that they have support from the community, so be sure that they themselves do not become a security problem.
Following a series of plugins that can improve the safety of WordPress with a minimum effort from the operator of the website.
- Limit Login Attempts : a useful plugin that allows you to limit the number of tests that you can login to the system WordPress. This is a plugin that allows you to ban the use of IP through cookies or user, and prevents it attempts to brute force by a single subject.
- Askimet : perhaps one of the most popular WordPress plugin, allows to better manage the comments that have spam, classifying them and preventing them Rinser of new bots.
- YES Antispam Captcha : always to protect the login page, this plugin puts a captcha on the page, to be sure that access is groped always a human and not a botnet.
- Antivirus : Another plugin that is responsible to check the files in our installer looking for any malicious code.
The precautions for the safety of WordPress
The plugins are definitely a great way to secure your own blog, but there are a number of expedients that we can put into practice with little effort by hand directly to the code and the installation of WordPress. The best thing is to make these changes to people who have a minimum of expertise in the management of servers and websites, and not relying solely a guide to avoid seeing their blogs offline, then no remedy.
The first tip is easy to apply, is to change the default administrator within the platform : the ” admin “is deleted and replaced with something else, because this attack will take more into account primarily the default.
Also proceed to change the default prefix tables within MySQL WordPress: default these are named as “wp_”, as “wp_post”. To change the prefix is sufficient to do this during installation or act directly via phpMyAdmin, starting the renaming of all tables with a different profile, can also be composed by a higher number of letters from the original. Once done go into the file wp-config.php and update the new value entered here as a table prefix.
Login less facilitated
Now that we have set a number of features in order to prevent someone continues to try to log into the system, we seek to provide less information, the Login page and then choose WordPress to change the error warns that inclusion of incorrect values with a more generic that he does not understand what the problem is the attacker!
To do this we open the file functions.php contained within the folder of our theme , and add this line of PHP code:
add_filter (‘login_errors’, create_function (”, ‘return’ Try again, error sconsciuto .’;”));
Finally we moved our wp-config.php file outside the root directory of our web space : WordPress settings allow you to automatically search for the directory directly above it, so we will not have to worry about possible malfunctions.
In conclusion we can say that we now have an added layer of security to protect important to WordPress, but much of what is done must be on hosting providers, especially in the configuration of your server, so make sure that the provider’s servers are tested to host WordPress and there are the necessary measures for security at the system level.
Defend Against The Bot’s
WordPress Security Plugin – WordPress Antivirus