WordPress Barista

WordPress Security in Layman’s Terms

June 12, 2012 · Tech Tutorials for Bloggers

If you need help with malware, order that service here. If you’re looking for information, read on:

Do any of the following scenarios sound familiar to you? If so, I think we can find an answer.

1. My readers have let me know that when they click on my site they get a message saying I have a virus. What can I do?
2. What’s wrong? Does this mean I have a virus?!?!
3. Google has blasted my site with the big red warning screen – I’m panicking!! What do I do?
4. How can this happen!?!?

WordPress Security vs. The Bad Guys

Imagine a huge plate of spaghetti noodles piled high on a serving platter. For our illustration that will represent the internet.

“Malware” is simply anything that does harm to your particular noodle.

Malware is not looking for your noodle in particular. It is simply looking for any website with a vulnerability.

My point is that it isn’t personal – this is not a targeted attack destined to do your noodle damage, although it can feel like it.

Is WordPress Secure?

If a celebrity gets a cold we all need to know about it. If you or I catch a cold, it isn’t really newsworthy. Somehow, the more popular you are, the more gratifying it is to find your weaknesses. The same is true for WordPress – it is insanely popular. So there are some who find it somehow entertaining to challenge its security.

On the flip side, because it is so huge, and because WordPress is ‘open source’, it’s backed by hundreds of developers and thousands of contributors all making it better and more secure by the day.

Literally – by the day. It’s mind-boggling.

So is it secure? I see it like a race. Just as fast as the evil minions can come up with malware, WordPress is fighting to become impenetrable. And yes, I’m betting on WordPress and a few best practices: see below.

Back Doors: escaping unscathed

Have you seen the movies with the teenage boy climbing out the top floor window of his girlfriend’s bedroom? It’s dark. A twig snaps. Shortly after, Daddy comes out the front door with a shotgun. We root for the fellow to escape unharmed and true love to prevail. I always picture this scenario when talking about Back Doors. Except we’re not letting an unsung hero escape our bedroom window, we’re letting a virus out and leaving an opening for him later.

Back doors are the pieces of code that leave little holes for the malware to come back in later. It’s essential that you get these out of your website, because a cleanup that removes the visible infection but leaves the back door behind just gets reinfected.
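To make the “little holes” idea concrete, here is an added example (not code from this post or from WordPress Barista) of a small Python scanner that walks a WordPress directory and reports two classic symptoms of a planted back door: PHP files sitting under wp-content/uploads (where WordPress only ever stores media), and PHP files that decode-then-eval a payload or use the old preg_replace /e modifier. The signatures and the demo directory tree are constructed for illustration; a hit means “open this file and look”, not proof of compromise.

```python
import re
import tempfile
from pathlib import Path

PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".phar"}

# Constructed signatures for obfuscation idioms that WordPress core, themes
# and reputable plugins almost never need.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
     "eval() of a decoded payload"),
    (re.compile(r"""preg_replace\s*\(\s*(['"])[^'"]*/e\1"""),
     "preg_replace() with the /e (eval) modifier"),
]


def scan_for_backdoors(root):
    """Walk a WordPress install and return (relative path, reason) findings."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        is_php = path.suffix.lower() in PHP_EXTENSIONS
        # Check 1: media lives under wp-content/uploads; a PHP file there is
        # out of place and a classic hiding spot for a back door.
        if is_php and rel.startswith("wp-content/uploads/"):
            findings.append((rel, "PHP file inside wp-content/uploads"))
        if not is_php:
            continue
        # Check 2: obfuscation idioms inside any PHP file.
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        for pattern, reason in SUSPICIOUS_PATTERNS:
            if pattern.search(text):
                findings.append((rel, reason))
                break
    return findings


def build_demo_install(root):
    """Create a constructed, mostly clean WordPress tree with three planted oddities."""
    root = Path(root)
    files = {
        "wp-includes/functions.php": "<?php function wp_demo() { return 1; }\n",
        "wp-content/uploads/2012/06/photo.jpg": "not really a jpeg\n",
        # Harmless content, but PHP does not belong under uploads.
        "wp-content/uploads/2012/06/image.php": "<?php echo 'hi';\n",
        # The decode-then-eval idiom; the payload here is just the word 'hello'.
        "wp-content/plugins/demo/demo.php": "<?php eval(base64_decode('aGVsbG8='));\n",
        # The deprecated /e modifier turns the replacement string into PHP code.
        "wp-content/themes/demo/functions.php":
            "<?php $s = preg_replace('/(.*)/e', 'strtoupper(\"\\\\1\")', $s);\n",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)


def demo():
    """Build the constructed tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_install(tmp)
        return scan_for_backdoors(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Point `scan_for_backdoors()` at a real install’s document root to try it. Pattern matching like this only catches the lazy cases; the more reliable check is to compare every core, theme and plugin file against a fresh copy downloaded from wordpress.org and treat any difference, or any extra file, as something to explain.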

Best Practices for WordPress Security

Items for your geeky brother/sister/husband/wife: make sure your computer is secure (use anti-virus software, use 2 if possible). Make sure your network is secure (use a firewall).

Items for you: passwords need to be changed and random, for every account that touches the site: admin users, FTP users, MySQL users.

Make sure all your passwords are randomly generated.

Since starting this business almost 10 years ago, I have seen thousands of passwords. Have you heard that most people use passwords like their names, children’s names, birthdays, and words like “adm1n” and “passw0rd”? Let me confirm that that statement is 100% correct! You would not believe the number of insecure passwords I’m given on a daily basis.
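As an added example (not code from this post or from WordPress Barista), here is a short Python script that does the two things this section asks for: it generates genuinely random passwords for the admin, FTP and MySQL accounts from the operating system’s cryptographic random source, and it flags the kinds of passwords the post describes as bad, including names you tell it about and leetspeak variants such as “passw0rd”. The weak-password list and the name list are constructed for illustration; a real check would also consult a large breached-password list.

```python
import secrets
import string

# Characters used for generated passwords. The symbol subset is a constructed
# choice that avoids quoting trouble in FTP clients and MySQL config files.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

# Constructed sample of the dictionary-style passwords the post describes.
COMMON_WEAK = {"admin", "adm1n", "password", "passw0rd", "123456", "letmein",
               "wordpress", "qwerty", "welcome"}

# Map common leetspeak substitutions back to letters so "passw0rd" is
# recognised as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def is_weak(password, personal_words=()):
    """Return True if the password looks like one of the bad habits the post lists.

    personal_words is the caller's own list of names, pet names, birth years
    and similar; any of them appearing in the password (leetspeak included)
    makes it weak.
    """
    if len(password) < 12:
        return True
    normalised = password.lower().translate(LEET)
    if normalised in COMMON_WEAK:
        return True
    for word in personal_words:
        word = word.lower()
        if len(word) >= 4 and word in normalised:
            return True
    # Require at least three of the four character classes.
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    return classes < 3


def generate_password(length=20):
    """Return a random password from the OS CSPRNG that also passes is_weak()."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not is_weak(candidate):
            return candidate


if __name__ == "__main__":
    for account in ("WordPress admin", "FTP", "MySQL"):
        print(f"{account:16} {generate_password()}")
    for sample in ("adm1n", "passw0rd", "Cathy2012Blog!", generate_password()):
        print(f"{sample!r:28} weak={is_weak(sample, personal_words=['Cathy'])}")
```

The `secrets` module is the right source here; `random` is seeded for reproducibility and is not meant for passwords. Generating a separate password per account matters because the admin, FTP and MySQL logins are often stored in different places, and one of them leaking should not hand over the others.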

Items you might want help with: Make sure your WordPress, Plugins, and Themes are all updated and from reputable sources (use as few as possible). See our WordPress Upgrade Page for details.

78% of malware cases can be attributed to outdated WordPress or plugins! (source)

#1 Tip for WordPress Security

Let us monitor, upgrade, backup and secure your site. Plus have a geeky girlfriend available any time you need answers! Check out our full VIP service here.

Further reading:

– the Codex

– Sucuri Blog


Comments

  1. LockerPress says

    June 16, 2012 at 9:33 am

    Great post, I’m glad there are people blogging about Malware and Injections through WordPress in order to get the word out. WordPress, out of the box, really isn’t secure. However that doesn’t mean that you shouldn’t be using it.

    I personally love building in WordPress because of the amount of people we can reach with our services, like many others. WordPress is a huge community – however with that being said there are a large percentage of users that unfortunately do not have any security or know what to do when being attacked.

    Sucuri is great for cleaning out malware and infectious servers. $90 is very inexpensive once you’re infected, however just the pain of having to deal with hiring someone can be nerve-wracking.

    We’ve come out with (about to launch in a day) a great WordPress Security plugin that can prevent a lot of hackers and bots from taking over someone’s site. We all know there are many preventative measures that we can take to protect our sites, but many users simply don’t know or can’t afford to hire someone to do this for them.

    Being able to change your database table prefix on the fly, change your admin username, create a custom login URL (that disables the default wp-admin & wp-login.php URLs), enable HTTP Authentication and so much more.

    You can get more info at http:// lockerpress.com

    • Cathy Tibbles says

      June 19, 2012 at 10:37 am

      Thank you for your comment! The link has been removed, but we can copy/paste it! I’ll look into your LockerPress plugin – sounds good!
  2. Anders Vinther says

    June 18, 2012 at 2:26 pm

    Great post… and a good list of things to do to secure your WordPress…

    We had some issues ourselves on our sites, and in the end we compiled an extensive checklist of items you need to do to secure your WordPress site…

    It should be good for relatively non-technical WordPress users too…

    And it can be downloaded for free from our site http://www. wpsecuritychecklist.com

    Maybe your readers can benefit from the checklist too…

    • Cathy Tibbles says

      June 19, 2012 at 10:38 am

      Thank you for the checklist – I’ll definitely check that out!

  3. Jeff Huckaby says

    June 19, 2012 at 10:14 am

    I have WP site owners come to us frequently. As your source states, most of these are due to outdated WP installations.

    A major issue is plugins. I have seen several plugins that include other code. While the plugin author may update their code, they do not update the included code. This was certainly the case with the Timthumb hack (http://www. wpbeginner .com /wp-tutorials/how-to-fix-and-cleanup-the-timthumb-hack-in-wordpress/).

    One tip I offer here (http: //www.rackaid .com/ resources/wordpress-tips/) is to pick popular plugins that are updated regularly. Don’t use obscure plugins that do not have regular updates. Doing this and keeping your WP up to date will save a lot of trouble.

    If you have multiple WP installs, check out http:// www. managewp.com/

    Lastly, I am experimenting with WPScan – a WP specific security scanner – and will post results to our blog.

    I think:
    – Running WP under mod_ruid, fast-cgi, SuPHP to assure the WP install runs under the user ID
    – Using good passwords
    – Keeping things updated
    – WPscans regularly or after any plugin/coding/theme changes
    – W3TC for performance

    This list really lays a great foundation for operating WP.
    • Cathy Tibbles says

      June 19, 2012 at 10:39 am

      Thank you – the additional things – WPScans (we use ManageWP for all our clients, and Sucuri has a server-side plugin that I recommend now). The links have been removed, but we’ll copy/paste them!
