WordPress Users Urged To Act Now To Protect Websites

WordPress users are being urged to follow key steps to ensure their websites and blogs are as secure as possible. Given that WordPress powers 17% of the world’s websites – or an astounding 64 million – botnets infiltrating the web giant could cause massive problems the world over.


The most recent spate of attacks was carried out by a remarkably powerful botnet – a network of hijacked home computers, typically run by a criminal gang – which was made up of over 90,000 separate IP addresses.


These attacks are primarily targeting websites with low or minimal security, usually as a result of the user keeping the original ‘admin’ username which they are initially assigned.
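A botnet spread over tens of thousands of addresses can stay under any per-IP limit, so spotting it means counting failed logins across the whole site. The sketch below is an added example, not code from the original article; the combined access-log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx combined log format: ip - - [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def failed_logins(lines):
    """Yield (epoch_seconds, ip) for each failed wp-login.php attempt."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        # A failed login re-renders the form (200); a successful one redirects (302).
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield int(ts.timestamp()), m["ip"]

def detect(lines, window=300, per_ip_limit=5, site_limit=20):
    """Return (noisy_ips, distributed); distributed lists
    (window_start, failures, distinct_ips) for windows at or over site_limit."""
    buckets = defaultdict(list)
    for epoch, ip in failed_logins(lines):
        buckets[epoch - epoch % window].append(ip)
    noisy, distributed = set(), []
    for start in sorted(buckets):
        counts = Counter(buckets[start])
        # Classic per-address threshold: catches a single noisy client only.
        noisy.update(ip for ip, n in counts.items() if n > per_ip_limit)
        total = sum(counts.values())
        # Site-wide threshold: catches many addresses trying once or twice each.
        if total >= site_limit:
            distributed.append((start, total, len(counts)))
    return noisy, distributed

# Constructed sample: 30 addresses, one failed login each, inside one window,
# plus one successful login (302) that must be ignored.
SAMPLE = [f'203.0.113.{i} - - [10/Apr/2013:12:00:{i:02d} +0000] '
          f'"POST /wp-login.php HTTP/1.1" 200 3811' for i in range(1, 31)]
SAMPLE.append('198.51.100.7 - - [10/Apr/2013:12:01:00 +0000] '
              '"POST /wp-login.php HTTP/1.1" 302 0')

if __name__ == "__main__":
    noisy, distributed = detect(SAMPLE)
    print("per-IP alerts:", noisy)
    print("site-wide alerts:", distributed)
```

On the sample, the per-IP check raises nothing while the site-wide check flags the window, which is why a per-address lockout alone does not stop this kind of attack.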


Given that earlier this year, the Solar website suffered from attacks as a result of this worldwide threat, we wanted to share our experiences and pass on some tips and advice which will ensure your computers remain bot-free.


Update Your ‘Admin’ WordPress Username

Given that nearly all of these attacks were on users who had failed to update the initial username, one of the easiest ways to increase security is to change your username! Whilst you can’t initially delete the ‘admin’ user, all you need to do is:

select Edit My Profile > Users (in the left-hand column) > Add New > fill in details as appropriate > Add New Users.

Your new account will now be set up, ensuring extra security, and you can delete any accounts which you no longer wish to use.


Create a Highly Secure WordPress password

Choosing a highly secure password is one of the easiest and most effective ways of ensuring your WordPress website will remain secure. Again, in the ‘Edit my Profile’ area, under ‘About Yourself’, you can type in a new password of your choice.


The WordPress page itself will probably only suggest a password of around seven characters; however, we would recommend choosing one at least double the length, with a good mix of numbers and symbols. Even if the WordPress site says that the password is “very strong”, there’s no harm in adding an extra character here or there to give yourself that extra bit of security and peace of mind.


Regularly Scan Your Computer and WordPress site

Ensure you have an up-to-date virus scanner installed on your computer, which regularly performs both full and quick scans. It’s also important to ensure that any other computers which may have had access to your WordPress website’s admin area are thoroughly scanned.


Keep Your WordPress Installation Updated

Whilst some will have updated WordPress without even realising they are doing it, and others might still be on version 1.5 (surely not?) – it’s important to keep an eye on the update centre, ensuring your version is the most up-to-date version available.


Few people encounter difficulties when upgrading WordPress, but the sensible thing to do is to ensure your website is backed up before carrying out any upgrades.


Updates are usually shown once you’ve logged in, in the pale orange coloured bar at the top of the screen, as shown in the image above. However, if the version of WordPress you are currently running is 2.2 or below, then you will need to visit the WordPress website to upgrade manually.


Suggested WordPress Plugins

WordFence Security – this plugin comes highly recommended by the WordPress community and includes a firewall, malicious URL scanning, anti-virus scanning and live traffic, including crawlers. According to its makers, it is the ‘only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups’.


Akismet – when visitors post comments to your blog, this anti-spam plugin checks each one to see whether or not it is “ham or spam”. Catchy, guys! You’ll need an activation key to begin, but this is free and if you click-through from the link in the title, their dedicated WordPress page will tell you everything you need to know.


TimThumb Vulnerability Scanner – addressing problems with the popular TimThumb extension, this plugin verifies the image manipulation script timthumb.php, ensuring it is up-to-date. It is popular with anyone who had previously used the timthumb script, and it has been very well received by the WordPress community.


WordPress is known for being an easy-to-use CMS, as demonstrated by its large number of users worldwide. The blog on the WordPress website is regularly updated, and we would also suggest keeping abreast of news via their monthly updates.



Jurgita Glodenyte



Jurgita Glodenyte is an online/digital & social media marketer, manager, strategist, consultant, trainer and public speaker. Her goal is to give companies she works with the tools to make them successful in a technology based economy. Jurgita has written a few books on digital marketing & social media.