One of the most popular programs for creating websites today is the Wordpress platform. Many people prefer Wordpress to traditional web design software as it allows them to easily create and modify a website without any prior web design experience. The drawback to the popularity of Wordpress is that it has become a favourite target for hackers looking to exploit websites for their own purposes.
Owing to this, we strongly recommend that you follow the guidelines below in order to keep your Wordpress-based website secure:
1. Wordpress often releases updates which include patches for security flaws discovered within the Wordpress code. These patches need to be applied as soon as possible in order to prevent a malicious user from being able to exploit flawed code and damage your website. If you opt to use Wordpress, it is best to install it via the Softaculous Apps Installer in your cPanel account. Softaculous will give you the option to receive notices whenever new updates are released or to simply update your site automatically.
More information on installing Wordpress via the Softaculous Apps Installer can be found here.
2. Wordpress allows you to make use of various themes and plug-ins which can be used to enhance your website. As with the main Wordpress installation, themes and plug-ins must also be updated on a regular basis as they can also be exploited by malicious users. Should you find that a particular theme or plug-in is no longer being updated by its developer, then you should remove it and find a suitable replacement.
Note: Certain default Wordpress themes, such as Twentyfourteen, will eventually no longer be supported. If you are not using these themes, then it is recommended that you delete them. This also applies to any themes which have been custom-designed for you.
3. In addition to ensuring that Wordpress, along with your themes and plug-ins, is kept up to date, there are several plug-ins which you can use to secure your website.
- Wordfence: This plug-in serves as a malware scanner and firewall for Wordpress. It is useful in blocking attempts to compromise your files and also allows you to scan your site. More information on Wordfence can be found here.
- Stop XML-RPC Attack: A common attack made on Wordpress websites is an attempt to log into the Wordpress dashboard. This is commonly done by bombarding a file named xmlrpc.php with multiple simultaneous login attempts. Since this file is required by certain plug-ins, it is recommended that you install the Stop XML-RPC Attack plug-in, as it is designed to prevent any external attempts to exploit the file. You can read up on this plug-in here.
4. Another way in which you can protect your Wordpress website is to make use of the ModSecurity tool in your cPanel account. ModSecurity is designed to prevent external threats and should be enabled whenever you are not doing any work on your site. More information on ModSecurity is available here.
Following the steps listed above should be enough to keep your Wordpress-based website secure.