Guest Post from our partner, EndLayer.
WordPress is all the rage for websites these days – and really for good reason. It’s free, first of all. It’s easy, there’s a ton of plugins to extend it, and there’s an insanely huge user base for it. We even started on WordPress ourselves, several years ago. It’s a one-size-fits-most solution that can get you running quickly. Seems awesome, doesn’t it? It is, but it’s not. WordPress’s strengths are unfortunately also its weaknesses.
A person with little to no web experience can install and get WordPress up and running in no time at all. After a while, that person can install plugins to extend functionality, start custom designing some forms, and even sell online – all without leaving WordPress’s admin panel or touching a single line of code. That’s great – for a minute. Fast forward 3 months – that same website that was running awesome, looking great and smelling like a million bucks is now a recipe for disaster.
The problem is that WordPress is open source. It’s great to open up code to the community, but you’re also opening up code to the bad guys. WordPress exploits number in the thousands. It seems a new one pops up daily – one that steals all your customers’ information from your WooCommerce plugin, for example. By not staying up to date (and often even that’s not enough) with WordPress and its slew of plugins, your shiny new WordPress site can be a breeding ground for viruses, malware, spam, you name it. We’re not just picking on you, single dude that made a website, we’re picking on you too, Mr. Web Developer Extraordinaire.
We see hacked / exploited WordPress websites all the time. It’s a shame that a platform so rich in features and usability suffers from being too popular amongst the bad crowds. Don’t give up hope, though!
Here are five things you can do to keep your WordPress monster happy and healthy:
- Update, update, update! As soon as a new WordPress version is released, hackers are going to work to get something on it. By staying up to date, you keep your chances of getting hacked lower because the new versions typically patch the old vulnerabilities.
- Use the recommended permissions. Like any web application, it should be locked down as much as possible. This means setting the correct file and folder permissions. For example, wp-config.php should usually be set to 0644 to prevent a random user from seeing your database passwords. The same applies to the wp-content/ directory – set it as low as possible so that a random user can’t upload a malicious PHP file hidden as a JPG. Check out: https://codex.wordpress.org/Changing_File_Permissions for recommended permissions.
- Don’t create useless users. Any elevated user (even a writer or editor) can open up the potential for malicious activity – even if it’s not their doing. If their computer is hacked and they don’t know it, an attacker can be stealing your buddy’s username and password right from under him.
- Change passwords often and make sure to follow the strength guide. Weak passwords are a very common cause of hacks, and by changing them frequently you minimize the chance of a password leaking out.
- Lastly, use security plugins. Plugins like All in One WordPress Security work great and give your site a great level of defense – for free. There are plenty of others out there – try them out and see what works best for you. One thing to mention is that we don’t recommend installing more than one at a time – as they can and will interact with each other and cause some problems.
All in all – we don’t hate WordPress. We love the way it helps millions of people get a great website online – after all, the more customers with websites to host, the more business we have ourselves as a hosting company. The purpose of this article is to point out the common issues we see with WordPress, in the hope that we begin to see fewer of them. A hacked website is a nightmare for both you and us – we hate to see it happen – and hope this article helps with just that!
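A read-only audit for the permissions item above, as an added example that is not from EndLayer or WordPress: it flags world-writable paths, a wp-config.php looser than a ceiling (defaulting to the 0644 named above), and PHP files or PHP-bearing images under wp-content/uploads/. The function names, issue labels and the `<?php` byte heuristic are assumptions of this example.

```python
import os
import stat

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
UPLOADS = os.path.join("wp-content", "uploads") + os.sep


def contains_php(path, limit=1 << 20):
    """Heuristic: do the first `limit` bytes hold a PHP open tag?"""
    try:
        with open(path, "rb") as fh:
            return b"<?php" in fh.read(limit)
    except OSError:
        return False  # unreadable to the auditing account


def audit(root, config_max=0o644):
    """Return sorted (relative_path, issue) findings for a WordPress tree.

    config_max is the ceiling for wp-config.php; the default is the page's
    0644, which other local accounts can still read, so pass a tighter
    value (for example 0o640 or 0o600) where the hosting setup allows it.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # skip symlinks; lstat reports the link, not the file
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if rel == "wp-config.php" and mode & ~config_max:
                findings.append((rel, "config-too-permissive"))
            if stat.S_ISREG(st.st_mode) and rel.startswith(UPLOADS):
                ext = os.path.splitext(name)[1].lower()
                if ext.startswith(".ph"):  # .php, .phtml, .phar, ...
                    findings.append((rel, "php-in-uploads"))
                elif ext in IMAGE_EXTS and contains_php(path):
                    findings.append((rel, "php-in-image"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, issue in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{issue:24} {rel}")
```

Run it with the WordPress root as the only argument; an image that legitimately contains the bytes `<?php` in its metadata will also be reported, so treat that finding as a prompt to inspect the file.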
Founded in 2013, EndLayer.com specializes in high performance website hosting. Backed by world-class IT professionals with 40 years of combined industry experience, EndLayer offers some of the fastest shared performance hosting solutions in the world. EndLayer’s focus is not to try and undercut a competitor’s price to win your business. EndLayer is different. By utilizing their in-depth knowledge of websites, e-mail, and e-commerce requirements, EndLayer is able to customize and optimize the best hosting environment for your business. From small to large – local businesses to Fortune 500 – EndLayer has the experience to make IT happen.