File Permissions are set when WordPress is installed. If you did not carry out your own installation, you may want to check that the settings are right for your site.
Setting file permissions for certain files may have significant security implications for your site. It is worth taking a few minutes to check your settings and make sure they match your requirements.
In short, an install done by an experienced WP installer probably won’t need any file permissions tweaks. A self-install might need checking. Also note that shared servers will need different settings. Personally, my sites are on shared servers, as I imagine the majority of WP sites are.
Continue reading WordPress Security – File Permissions
Updates are the simplest way to reduce the risks to your WordPress site.
Set your WordPress version (core) to automatically update right from installation – it’s a no-brainer. Of course, you may want to examine all the updates and make your own evaluation… assuming you have the time and expertise.
Not only that, but regularly check your plugins and update them too, at least once a week if not daily. Having the latest versions means you are less vulnerable to the latest security issues. There is still no guarantee even if you update seconds after an update is available. However, regular updating lowers your risk considerably.
Continue reading WordPress Security – updates
Having already recommended Loginizer to prevent ‘Bruteforce’ attacks, I now have another recommendation: ‘All in One WordPress Firewall’
‘All in One WP Security & Firewall’ from Tips and Tricks HQ is a very popular and up-to-date WordPress Firewall plugin. This certainly meets our requirements as a ‘safe’ option. It has all the features of Loginizer when it comes to Bruteforce, but that’s not all. As the name suggests, this has firewall settings which are simple to use, but its features are many and various. Too many to go into here, so a certain amount of playing about with the settings is recommended. One nice feature is the dashboard, which displays a gauge indicating how protected your site is. Under this are four buttons which you should click to set up your critical features. Each time you add a feature, your security rating goes up on the gauge.
Continue reading WordPress Security – WordPress Firewall
Having introduced a series on WordPress Security, the second post in the series looks at protecting WP-CONFIG and .HTACCESS files etc.
Apache uses the .htaccess file to serve files from its root directory. If it is not protected properly, your site security is definitely at risk.
Making changes could potentially be a turn-off as ‘techy’ language is being used. The reality is that it is not difficult to take a few steps to minimise the risk to your site. In order to carry out the necessary changes, you will need to ‘write’ to your site files. This sounds ominous, but the good news is, if you don’t want to do this the nuts and bolts way, you can use a plugin.
Continue reading WordPress Security – .htaccess
There are individuals who are ‘out there’ looking to hack into your WordPress site. WordPress Security is at risk not just occasionally, but on a daily basis.
We are acutely aware of security, especially since the recent ‘ransomware’ super-hack. This attack appeared to affect multiple government organisations as well as individuals. If we learn nothing else from this, we need to realise that security should be second nature. This applies to WordPress security in the same way that it applies to our workstations and devices.
Continue reading WordPress Security