WordPress – How To Have Your Own Web Site – Security

This is the sixth installment of the ongoing WordPress series and I’d like to talk about security. Security is an important concern for any computer user. There are tons of bad guys out there and they don’t merely focus on the normal everyday user. They like to target Web Masters as well.

Since WordPress is used by a vast number of site owners around the world, it makes for a very big, irresistible, tasty-looking target. And they’re not wrong– get your “hands” on one of the big WordPress-powered sites and you’ve gotten hold of a potential gold mine– at least, from a grubby-handed crook’s point of view.

If you’d like to catch up on previous articles, then here are the links:

  1. WordPress – How To Have Your Own Web Site – Introduction
  2. WordPress – How To Have Your Own Web Site – What You’ll Need
  3. WordPress – How To Have Your Own Web Site – Installation
  4. WordPress – How To Have Your Own Web Site – Dashboard & cPanel
  5. WordPress – How To Have Your Own Web Site – Plug-Ins, Widgets, Themes and Headers

Security and Plug-ins That Will Help

Unless you are adept at writing code, plug-ins will help you immensely. There are numerous plug-ins available at the WordPress site, free of charge, which will help protect your site from the scum of the earth. Here is a short-list of a few that I might recommend:

There are countless more but these should get you started and give you a good idea of what to look for.

SPAM

SPAM is not a security threat, as such. It is simply a big pain in the neck. It can be dealt with, however.

SPAM is roughly defined as being unwanted/unsolicited eMail and/or comments. HAM, on the other hand, is supposedly desired. It largely depends on your religious beliefs and palate, I guess.

If you try to run a web site you are inevitably going to run into the much-hated SPAMMER. You will also run up against “trolls”, which are people who don’t seem to have much to do with their time other than bother people with snarky, heat-inspiring remarks and totally useless comments. It’s all a sad part of the game.

Even here on DCT, where most everybody tries to offer a helping hand, there is the odd duck that delights in posting negative, sarcastic, and utterly useless comments. I’ll never understand how that can make anyone’s day. They actually have to sit down and take the time to type that crap! What a waste of human flesh.

Note: Don’t get me wrong here. Constructive, even negative criticism is more than welcome. We are all prone to error and gaining good insight from our readers is paramount. Please do not ever hesitate to point out any errors you may find. They will be addressed, pronto!

SPAM is one of those things web masters have to put up with. The above-mentioned plug-in, WordFence, is a great bulwark against these idiots. You can block specific IP addresses and cause the source of your angst to go away.

Another great anti-SPAM plug-in is Akismet. It uses an ever-growing database of naysayers and problem makers (aka, Trolls) to make them disappear. The fewer, the better, in my opinion. It will help when you begin to be inundated with unwanted commenters– and you will. What a pain they are…

I guess you may have figured out where I stand on that matter. 

Some Tips on Manually Securing Your Web Site

  • Use a Secure Hosting Service – Not all Hosting Services are created equal. Diligently check the history and integrity of any service you choose.
  • Updates – WordPress, like any software, gets updated on a regular basis. Most if not all of these updates include security patches as well as feature “fixes”.
  • Custom Secret Keys – Within the “wp-config.php” file, you’ll find some “keys” that are arbitrarily chosen for you. You can change these at any time for added security.
  • Database Prefix – Change It – The default database prefix is, guess what, WP. The bad guys know this, too. Change it.
  • WP-Config File – Protect It – All the files in your WordPress folder have access permissions. The default settings are not necessarily the best. Learn how to change the permissions so not just anyone can gain access to them.
  • .htaccess File – Protect It – Second verse same as the first. Change the file permissions to limit access.
  • WordPress Version – Hide It – By letting the bad guys know which version of WordPress you are running you also let them know what weaknesses it may have. Make them guess. Some of the security plug-ins listed above will do this for you.
  • Limit Failed Log-in Attempts – Again, some of the above-listed plug-ins will handle this mundane chore for you.
  • “Admin” – Don’t Use It – “Admin” is a default User Name that everyone in the world knows about. Don’t give the creeps a helping hand by leaving it as is. Make them work for it.
  • Make Backups!!! – Anyone who has read my articles knows that I go on like a spoiled child when it comes to backups. Backing up your computer is one thing. Backing up your web site is a whole new ball of wax. The methods may differ but the end result is the same– with well-maintained backups you are protected from catastrophic loss should things go awry. Some of the cold-hearted among us spout that anyone who doesn’t back up their system (web site) deserves to lose it. I am not quite that dispassionate, however…
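
The Custom Secret Keys, Database Prefix, WP-Config File and .htaccess File tips above can be checked mechanically. The following is an added example, not code from this article or from WordPress: it reads a `wp-config.php`, flags secret keys still set to the sample placeholder, the stock `wp_` table prefix, and loose file modes. The function names, the 32-character minimum, the permission policy and the sample site it builds are all assumptions made for illustration.

```python
import re
import secrets
import stat
import tempfile
from pathlib import Path

# The eight secret-key constants in a stock wp-config.php (single-quoted form).
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)")
PREFIX_RE = re.compile(r"^\s*\$table_prefix\s*=\s*'([^']*)'", re.M)
# Permission bits this example treats as unsafe (an assumed policy).
UNSAFE_BITS = {"wp-config.php": stat.S_IWGRP | stat.S_IRWXO,
               ".htaccess": stat.S_IWGRP | stat.S_IWOTH}

def audit_wp_site(root, min_key_len=32):
    """Return a list of findings for the WordPress install under root."""
    text = Path(root, "wp-config.php").read_text(encoding="utf-8")
    findings = []
    keys = dict(DEFINE_RE.findall(text))
    for name in KEY_NAMES:
        value = keys.get(name, "")
        if value == PLACEHOLDER or len(value) < min_key_len:
            findings.append(f"{name}: missing, placeholder or too short")
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("$table_prefix: default wp_ in use")
    for name, bits in UNSAFE_BITS.items():
        path = Path(root, name)
        if path.exists():
            mode = stat.S_IMODE(path.stat().st_mode)
            if mode & bits:
                findings.append(f"{name}: mode {mode:o} too permissive")
    return findings

def make_demo_site(hardened):
    """Build a constructed sample install in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    config = ["<?php", "$table_prefix = '%s';" % ("k7x_" if hardened else "wp_")] + [
        f"define( '{n}', '{secrets.token_hex(32) if hardened else PLACEHOLDER}' );"
        for n in KEY_NAMES]
    files = {"wp-config.php": ("\n".join(config), 0o600),
             ".htaccess": ("# BEGIN WordPress\n", 0o644)}
    for name, (body, safe_mode) in files.items():
        path = Path(root, name)
        path.write_text(body, encoding="utf-8")
        path.chmod(safe_mode if hardened else 0o666)
    return root
```

Point `audit_wp_site()` at a copy of a real install directory to get the same list of findings; an empty list means none of these four checks fired.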

Plans for future articles:

  • Search Engine Optimization (SEO)
  • Perhaps Some Tweaks – you know how I love those
  • Anything else that comes to mind along the way

Links to articles in this series:

  1. WordPress – How To Have Your Own Web Site – Introduction
  2. WordPress – How To Have Your Own Web Site – What You’ll Need
  3. WordPress – How To Have Your Own Web Site – Installation
  4. WordPress – How To Have Your Own Web Site – Dashboard & cPanel
  5. WordPress – How To Have Your Own Web Site – Plug-Ins, Widgets, Themes and Headers
  6. WordPress – How To Have Your Own Web Site – Security
  7. WordPress – How To Have Your Own Web Site – SEO
  8. WordPress – How To Have Your Own Web Site – Tweaks for Speed – Part I
  9. WordPress – How To Have Your Own Web Site – Tweaks for Speed – Part II

Conclusions

As I said in the beginning, Security is a big deal these days. It won’t go away if you ignore it. It doesn’t get any better even if you pay attention to it. It’s simply part of our daily lives on the Internet. It sucks, and there isn’t much we can do about it.

Wait! I take that back. We can be diligent and smart.

  • We can use the tools provided to us by many well-meaning people in such a way that will bolster our defenses against the “creeping black crud”.
  • We can resist the temptation to click on everything we see, without giving it a moment’s thought.
  • We can use strong User Names and Passwords, and we can avoid reusing them across the Internet.

These thoughts not only apply to our daily on-line lives, but to any web site-related endeavors, too.

Note: “creeping black crud” is a reference to situations in the Chinese game of Go. If you want a lifetime challenge, then try Go. Chess is small-time by comparison.

As always, any helpful comments or suggestions will be much appreciated,

Richard

2 thoughts on “WordPress – How To Have Your Own Web Site – Security”

  1. Hi Richard,

    What a timely article (for me, at least). For some reason, my pathetic little ol’ website (all two pages of nothing, really) came under a brute-force attack a week or so ago. Using Wordfence & Sucuri seemed to do the trick.

    My query– related only in “tweaking” a site is to request an article, a walk-through, of how to utilize child-themes to modify your WP theme (vs. the parent). I seem to read a lot about that being the proper way to do things, in order to prevent issues when parent themes update, but don’t see much around in the “self-learning” sort of way.

    Good article!

    1. Hi Tracy,

      Nothing has been said about parent/child themes at this point.
      The fact that you bring it up is a good point. It is important.

      Maybe I’ll post something about that subject in the future.
      If I do, I’ll bring up your name.

      Thanks for the comment,
      Richard
