WordPress is one of the most popular content management systems and is used to build template-based websites. It has a host of features that make a website quick to set up and easy to update. However, WordPress is also known to attract a lot of negative attention, and its risks need to be understood before a site is made live. This article highlights some common security-related issues to keep in mind when setting up a WordPress-based website.
Brute Force Login Attempts
A very common issue with most WordPress websites is brute force login attempts. This means that your wp-login page is bombarded with login requests using different username and password combinations, so that if you have a weak password or a common username, the attackers can get control of your website. Not only does this pose a direct risk to your website, it is a nuisance for the web server as well: the server has to handle a sudden spurt of requests from the attacker's computer and serve up your website's login page each time. This can be prevented by renaming the wp-login page with one of the various plugins that are available. The “Rename wp-login.php” plugin allows you to set a custom login URL so that it is difficult for attackers to find out which page you log in from. Renaming only hides the page, so a strong password and an uncommon username are still needed.
You may be quite pleased to see comments of praise and appreciation within a few days of setting up your WordPress website. Don’t be taken in by such comments, as they come from people who are aiming to put their website’s link on your website through the comments. You will often find that along with the positive comment there is also a link to some dubious product embedded in or below the comment. This is just a ploy to get you to list the comment on your website: free publicity at its best. There are many plugins like “Akismet” which automatically filter out malicious comments and help you to keep the good ones.
WordPress plugins authored by third parties are also a major source of security issues. Because they are free and unsupported, many plugins may contain inherent vulnerabilities and may be a threat to your WordPress website. Although you can’t do much about it, it is a good idea to check the plugin’s last update date, its rating and feedback from other users, and its compatibility with your WordPress version. Frequent responses by the plugin author and active participation by the developers may be an indication of a good plugin which is well looked after and is backed by people who know what they are doing.
Inherent Vulnerabilities and Exploits
Although WordPress is a beautiful piece of software, it does have certain vulnerabilities and exploits which make it a dangerous tool in the hands of an ignorant webmaster. Websites like Sucuri list known vulnerabilities in the WordPress system to help you plug or patch the loopholes so that you don’t become a victim. They also provide exploit scanners and vulnerability scanners in the form of WordPress plugins, which inform you of any events or incidents related to your website’s security.
Even though WordPress does have these limitations and threats, it is one of the most popular and ideal ways to start a website. Reading up a bit about setting up WordPress is definitely recommended before you make your site live. If you are unsure of what you are doing, you may want to hire a professional.