WordPress vulnerabilities found in all versions up to 3.8 – updates needed, WordPress 3.9 still has a vulnerability, vulnerabilities found in WordPress 4.0, WordPress 4.1…
These news reports are becoming more and more common. As I mentioned in previous articles, WordPress occupies a significant part of the internet, making it a prime target for numerous hackers (read here why) especially when many websites are not up-to-date.
This naturally raises the question for both me and my clients:
Should you still use WordPress as the foundation?
The answer is still: yes
But…
The days when anyone with a little reading could put WordPress online, download a few plugins and a theme, and be done with the site and maintenance are over.
Has WordPress become worse?
WordPress has not gotten worse. WordPress is still in the hands of developers who work with dedication to improve the system.
Every time a vulnerability is discovered, they ensure that a security update is released. In short, the quality is still high, and the speed at which WordPress is updated has kept up with the need.
WordPress still offers password protection, the database, and the user-friendly way of setting up websites. WordPress continues to evolve and remains one of the best functioning CMS platforms.
How can you safely use WordPress then?
WordPress itself is a good system, but there are certain “rules” you should consider when setting up a WordPress website.
Some of the “rules of the game” have changed because of the many hacking attempts and the various viruses circulating on the internet.
The “rules of the game” for WordPress in 2015
- Use a maximum of 5-8 plugins
Each plugin is a potential entry point for hackers. Some plugins are developed by programmers who are just looking to make a quick buck and don’t bother updating or securing them when exploits are found.
- Regularly update WordPress
Not every update is related to security, so you don’t have to follow every update. Sometimes it’s best to wait until the bugs in the update have been ironed out.
Sometimes plugin developers also need some time to update their plugins, as they might depend on the code of the previous WordPress version.
- Choose a unique username, password, and screen name
One of the first things a spambot tries is your screen name, your website name, or variations thereof.
In short: be creative and avoid using “dictionary words.” Mix in some numbers and capital letters.
- A security plugin like Wordfence, Sucuri, or iThemes Security is not a luxury
These plugins let you easily configure whether every visitor can browse the folders of your server, whether the WordPress version is visible, where the admin panel is located, whether files are writable, whether long query strings can be submitted through the address bar, whether multiple failed login attempts result in an IP ban, and more.
To keep your WordPress website somewhat secure, you need one of these plugins.
Note: You should configure them properly as well!
- Make sure you don’t have keyloggers on your PC
Keyloggers can arrive through small scripts from the internet, a web page, or a browser add-on, and then capture and transmit your data. Use a good antivirus program on your PC.
Tip: Avira has a good free antivirus scanner!
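To show what two of the settings those security plugins manage actually do under the hood (hiding the WordPress version and banning an IP after repeated failed logins), here is a small must-use plugin written as an added example; it is not code from the original article or from any of the plugins named, and the attempt limit, lockout window, and the assumption that the site is not behind a reverse proxy are mine.

```php
<?php
/*
Plugin Name: Hardening example (hypothetical, added for illustration)
Description: Hides the WordPress version and locks out an IP after repeated failed logins.
*/

// Stop advertising the WordPress version in the HTML head and in feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// Disable the in-dashboard theme/plugin file editor (normally set in wp-config.php).
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', true );
}

const HARDEN_MAX_ATTEMPTS = 5;    // failed logins allowed per window (assumed value)
const HARDEN_LOCKOUT_SECS = 900;  // 15-minute lockout (assumed value)

// Transient key derived from the client IP. Assumes no reverse proxy;
// behind one, the proxy-supplied client address must be used instead.
function harden_client_key() {
    return 'harden_fail_' . md5( $_SERVER['REMOTE_ADDR'] ?? 'unknown' );
}

// Count each failed login per client IP; the counter expires with the lockout window.
add_action( 'wp_login_failed', function () {
    $key   = harden_client_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, HARDEN_LOCKOUT_SECS );
} );

// Runs after core's own checks (priority 20), so a locked-out client is refused
// even when it finally supplies the correct password.
add_filter( 'authenticate', function ( $user ) {
    if ( (int) get_transient( harden_client_key() ) >= HARDEN_MAX_ATTEMPTS ) {
        return new WP_Error( 'too_many_attempts', 'Too many failed logins. Try again later.' );
    }
    return $user;
}, 30, 1 );
```

Drop the file into wp-content/mu-plugins/ and it loads automatically; a real security plugin adds the other checks from the list (directory browsing, writable files, admin panel location) on top of this.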