This is the sixth part in our series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware.
In this article we will talk about WordPress security. WordPress is arguably the most popular content management system (CMS) on the Internet today. Malicious hackers are always looking for ways to compromise these installations in order to infect thousands of sites. We will show some examples of what can be done to secure your WordPress installation.
What is WordPress?
WordPress is an extremely popular web application that has gained millions of users over the last few years. The features of WordPress are well defined on its official site.
WordPress is application software that makes it easy to build a site, launch it, and manage it: it's a Content Management System (CMS). WordPress has a very vibrant support community and there are many useful plugins available for it, not to mention beautiful themes that let you skin your website and blog just as you like.
Why do web designers and administrators use WordPress?
Web designers and admins use WordPress due to its ease of use and simplicity in the design and launch of websites. WordPress is a very capable piece of software that can cut down the time and effort needed to create and edit blogs and sites. WordPress also supports a variety of third-party "plugins" that can add additional functional and aesthetic features.
Is WordPress secure?
Yes, the WordPress development team is very aware of and responsive to vulnerabilities discovered in WordPress installations. However, many WordPress installations still fall prey to hackers for a few simple reasons.
When a WordPress install is compromised, it can lead to many headaches. We will discuss these issues below and how to avoid them.
Why does a WordPress installation get compromised?
A WordPress installation can be compromised, and then infected with web-malware (malicious computer code) as a result of various issues.
What can you do to make your WordPress installation more secure?
Here are a few tips you can use to make your WordPress install even more secure.
    order deny,allow
    deny from all
    # allow specific IP address 1 only
    allow from 184.108.40.206
    # allow specific IP address 2 only
    allow from 220.127.116.11
This will reduce the chances of a malicious attacker testing your administrator login forms for weaknesses.
    # Prevents directory listing
    Options -Indexes
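An added example, not part of the original post: a small Python audit of the Apache 2.2-style directives shown above, which also catches the easy slip of writing `order allow,deny`, under which `deny from all` overrides the allow lines. The function name `audit_htaccess`, the constants and the combined rule file are constructed for illustration.

```python
# Constructed sample: the post's two snippets combined into one .htaccess body.
PAGE_RULES = """order deny,allow
deny from all
# allow specific IP address 1 only
allow from 184.108.40.206
# allow specific IP address 2 only
allow from 220.127.116.11
# Prevents directory listing
Options -Indexes
"""
# Constructed variant with the Order arguments swapped.
SWAPPED = PAGE_RULES.replace("order deny,allow", "order allow,deny")

def audit_htaccess(text):
    """Check Apache 2.2-style access rules for default-deny and -Indexes."""
    order = "deny,allow"  # Apache's default when no Order line is present
    deny_all = allow_all = indexes_off = False
    allowed, findings = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments must start the line
            continue
        words = line.lower().split()
        key, args = words[0], words[1:]
        if key == "order" and args:
            order = args[0]
        elif key == "deny" and args[:2] == ["from", "all"]:
            deny_all = True
        elif key == "allow" and args[:1] == ["from"]:
            allow_all = allow_all or "all" in args[1:]
            allowed += [a for a in args[1:] if a != "all"]
        elif key == "options" and "-indexes" in args:
            indexes_off = True
    if allow_all:
        findings.append("'allow from all' admits every client")
    if not deny_all:
        findings.append("no 'deny from all': clients are allowed by default")
    elif order == "allow,deny":
        findings.append("'order allow,deny': 'deny from all' overrides the "
                        "allow lines, so every client is blocked")
    if not indexes_off:
        findings.append("'Options -Indexes' missing: listing may be enabled")
    restricted = (order == "deny,allow" and deny_all
                  and not allow_all and bool(allowed))
    return {"restricted": restricted, "allowed": allowed,
            "indexes_off": indexes_off, "findings": findings}

if __name__ == "__main__":
    for name, rules in (("page rules", PAGE_RULES), ("swapped", SWAPPED)):
        print(name, audit_htaccess(rules))
```

On Apache 2.4 these `Order`/`Deny`/`Allow` directives are only honoured when `mod_access_compat` is loaded.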
WordPress installations are a juicy target for malicious hackers looking to exploit and infect benign websites. We have seen what WordPress is, how an installation can be compromised by malicious hackers, and how to protect your website.
StopTheHacker customers have access to resources and services that protect them against these kinds of threats and help them recover from compromises should they occur. If you would like more information on how to protect your website, please feel free to contact us. You can also visit our product page to protect your website right now.