Prevent badware: WordPress | StopBadware

Prevent badware: WordPress

Prevent badware: WordPress

As of September 2012, there were almost 56 million WordPress sites in the world. And that number is growing every day. Because WordPress is such a widely-used platform, it’s a big target for cybercriminals who use automated attack kits to compromise many sites at the same time. Does this mean WordPress is unsafe or inherently insecure? Absolutely not! In fact, because WordPress is so popular, there are many resources to help you prevent badware on your WordPress site.

The following list of tips is not exhaustive and is only intended as a beginning resource for securing a WordPress site. WordPress.org has a comprehensive guide on hardening WordPress. Use WordPress.org’s guide as your main resource for making your WordPress site more secure. 

  • Always update your WordPress installation as soon as a new version is available. As you know by now from reading our basics section, keeping your software updated is one of the most important defenses you have against site compromise. New versions of software don’t just add cool features and make things run better; they often include crucial security patches that protect your site and your visitors from badware. Update!
  • Keep your plugins, themes, and other third party scripts updated, too. This is just as important as keeping your WordPress install up-to-date.
  • Be cautious about what you install. Many great WordPress add-ons (and some not-so-great ones, too) are written and maintained by third party developers who have no affiliation with WordPress. The people who write the code for these add-ons are responsible for maintaining it, and if they don’t do so regularly, security holes can open up and
  • Get rid of the “Admin” user. Keeping the default “Admin” username around after you create your WordPress makes it easy for bad actors to use automated tools to guess your password. Computers can easily guess hundreds or thousands of username and password combinations a second, so using the default username makes the job of attack tools much easier–all they have to do is guess the password.
  • Check out security plugins. WordPress.org has a long list of anti-malware and other security-related plugins you can use to increase the security of your site. There are also several reputable website security vendors you can use to regularly scan your site for security vulnerabilities and other issues.