What are some of the security vulnerabilities with WordPress websites? Define briefly in your own words.
1. Cross-site Scripting - This means that code can be put into your browser while you are using the site by way of cookies. A hacker can gain access to a user's account this way. This accounts for 39% of vulnerabilities. That's a lot!
2. SQL Injection - A SQL injection is where a hacker can gain access to your code and change it to benefit them. By doing this they can ask a user questions to gain access to their accounts. Adding escape statements can help negate this issue.
3. Cross-Site Request Forgery - Users can be tricked by sites. A hacker can change form information to get access to user accounts. Using POST requests helps prevent a hacker from creating a faulty form.
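The three issues above, shown in code as an added example that is not from the original post: a small WordPress handler written first with all three weaknesses and then with the WordPress-API fixes the list hints at (prepared statements, output escaping, and a nonce-protected POST form). The sample_greeting_* function and option names are hypothetical; $wpdb->prepare(), esc_html(), wp_nonce_field() and check_admin_referer() are real WordPress functions.

```php
<?php
// Added example, not from the original post. The sample_greeting_* names
// are hypothetical; $wpdb, esc_html() and the nonce helpers are WordPress APIs.

// --- Weak version (shows the three flaws) ---
function sample_greeting_weak() {
    global $wpdb;
    // SQL injection: raw user input concatenated into the query.
    $id  = $_GET['user_id'];
    $row = $wpdb->get_row("SELECT display_name FROM {$wpdb->users} WHERE ID = $id");
    // Cross-site scripting: values echoed without escaping.
    return 'Hello, ' . $row->display_name . '! You searched for ' . $_GET['q'];
}
function sample_greeting_weak_save() {
    // CSRF: any page can submit this form on behalf of a logged-in admin.
    if (isset($_POST['greeting'])) {
        update_option('sample_greeting_text', $_POST['greeting']);
    }
}

// --- Hardened version ---
function sample_greeting_safe() {
    global $wpdb;
    // Cast to int and use a prepared statement; %d is bound as an integer.
    $id  = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
    $row = $wpdb->get_row($wpdb->prepare(
        "SELECT display_name FROM {$wpdb->users} WHERE ID = %d", $id));
    $q    = isset($_GET['q']) ? sanitize_text_field(wp_unslash($_GET['q'])) : '';
    $name = $row ? $row->display_name : 'guest';
    // esc_html() on output turns injected markup into harmless text.
    return 'Hello, ' . esc_html($name) . '! You searched for ' . esc_html($q);
}
function sample_greeting_safe_form() {
    // The nonce ties this POST form to the current user and this action.
    echo '<form method="post">';
    wp_nonce_field('sample_greeting_save');
    echo '<input name="greeting"><button>Save</button></form>';
}
function sample_greeting_safe_save() {
    if (!isset($_POST['greeting'])) {
        return;
    }
    // Dies unless the nonce is valid for this action, then checks capability.
    check_admin_referer('sample_greeting_save');
    if (!current_user_can('manage_options')) {
        return;
    }
    update_option('sample_greeting_text',
        sanitize_text_field(wp_unslash($_POST['greeting'])));
}
```

In a real plugin these functions would be wired to a shortcode and an admin form action; check_admin_referer() reads the nonce that wp_nonce_field() placed in the submitted form.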
Below are images of plugins that I have installed on my WordPress.
What plugins/resources are available for WordPress Security? Name at least five plugins or resources and what services or benefits do they provide.
WordPress Limit Login Attempts
This helps limit the number of guesses someone can make to log in to an account, which protects against brute force attacks.
WPS Hide
Disables auto login. You can create your own login window.
WordFence Security
Two-factor authentication helps the security of your website. It also has many other features.
Stop Spamming Comments
This plugin helps with keeping spam comments away from your website.
WP Security
Keeps track of all of the back-end information, so you know what's going on with your website. It also has many images that show you how secure your website is.
How do you harden WordPress website?
- Keep your WordPress updated.
- Use strong passwords.
- Two-factor authentication
- Use WordPress security plugins.
- Block bad bots
- Ensure your connections are always secure.
- Check file permissions.
- Use database security.


Tips continued…
- Lock down your WP admin login page.
- Use wp-config.php.
- Use an SSL certificate.
- Disable file editing on your dashboard.
- Hide the WordPress version that you are utilizing.
- Change passwords every few weeks.
- Keep your plugins updated.
What is SSL? How would you activate it in your domain?
SSL stands for Secure Sockets Layer. This helps keep your users' confidential information secure. You would activate this by logging into your cPanel, going to the SSL/TLS Manager, copying the verification code, using autofill by certificate, and installing the certificate.
What would you do if you are hacked?
1. The first step would be to find out where the hacker got information, using a malware scan. This can help you figure out what to do. Visiting a website such as WebPage Test can show you where your vulnerability was.
2. Make sure your files have not been touched. Checking for files that have been edited can show where the hackers were. You can use a site like Diffchecker.
3. Remove malware from your website. You can create a new WordPress website to ensure you are using a clean version.
4. Check your tables to make sure they aren't hacked. If they are, ensure your table is backed up, then remove any weird contents.
5. Always check your users area. Make sure all users listed are actually people you recognize.
6. Remove malware warnings from your website.
7. Finally, protect your website to ensure this doesn't happen again. You can protect your website by setting up security plugins, generating secret keys, changing passwords, and making sure your website and plugins are always up to date.
Which plugin(s) do you think you will use and why?
- Titan Anti-Spam & Security. This seems to be the most all-in-one security plugin. I like the way that this shows their features within WordPress. This seems user friendly.
- WordFence - Two-factor authentication is a wonderful feature of this plugin. It appears to be a user-friendly plugin that is beneficial for WordPress users.
- Loginizer Security - I like that this gives brute force protection and limits login attempts.