8 Ocak 2016 Cuma

Securing a Wordpress website against hacking or hackers attack

Hi Guys,

The Wordpress is an opensource content management system (CMS). It is one of the most popular CMS right now. Approximately 15% of the websites on internet uses wordpress. Therefore, hackers are trying every moment to hack wordpress websites.

Why do hackers want to hack your website?

Most of them want to use your website to hosting their own webpages or, they want to send million of spam emails because of earn money. Some of them want to get sensitive information or all emails of your users.

There are a lot of methods to hack a website but famous methods are vulnerability of the source code of wordpress or vulnerability of a plugin on your website.

So you must always update your wordpress website if there is a new update. Fortunately new version of wordpress installs new updates automatically. But you must check the website update page every day or every week for updates.

There are some extra precautions that you can make.

- First of all you must install all updates of wordpress and all plugin updates,
- Secondly, delete or uninstall unnecessary plugins and templates that you don`t use,
- Check out your directory permissions with FTP client. Never use 777 write permissions.
- If you want to use a plugin, check always the update frequency of the plugin. If it is not often updated then never use it.
- I recommend "All in one WP security & Firewall Plugin", this plugin is easy to use and configure. It is a free plugin. This plugin has almost all kind of security improvement settings. This plugin uses especially htaccess file for securing your website thus there will be no changing on your wordpress core files. htaccess file is one of the best website securing method for me. Also it is easy to edit.
- Never use easy password and admin name as admin user.
- If you have some technical skill than my advise is checking your website access and error logs. This log files gives a lot of information about your website visitors. You can see what they want do to and this will give you some idea about their behavior.
- With robots.txt file you can make some extra security too. So my recommendation is:

User-agent: *
Disallow: /wp-admin/
Disallow: /trackback/
Disallow: /xmlrpc.php
Disallow: /feed/
Sitemap: http://example.com/sitemap.xml

You must change example.com to your website name.

Hiç yorum yok:

Yorum Gönder