Hacking attacks cost the average American firm $15.4 million per year. During October, which is National Cyber Security Awareness Month, Liquid Web, a $100 million web hosting and cloud services provider, urges WordPress users to help prevent attacks by addressing five critical areas of security.
WordPress is the web’s most popular content management system, and collectively its users publish more than 58 million new pages each month. Ninety-nine percent of more than 75 million WordPress sites are secure, but that still leaves one percent, which includes more than 750,000 sites that are potentially vulnerable. WordPress users can make sure they stay out of the one percent by addressing these five critical areas of security:
The most important thing you can do to protect your WordPress site is to keep your software up to date. Compatibility concerns often influence administrators to take the wait-and-see approach. Instead of acting quickly, they may keep an eye out for issues flagged before updating an older plugin. In reality, timing is critical and updates should be applied as quickly as possible. By default, WordPress will apply security updates, but plugins and themes need to be updated regularly by the administrator.
Hackers like to target the path of least resistance, so it’s important to increase security on your login page to repel these automated assaults. By restricting IP access, installing password protection and limiting login attempts, administrators can double the number of credentials needed to login and reduce the number of password guesses, making a would-be attacker’s work more difficult.
Enable two-factor authentication. Most sites already use this, and its widespread adoption rate keeps growing because it works. It requires users to log in with a one-time-use code tied to a personal device in addition to their user name and password. Requiring a minimum password strength and enforcing password expiration for users are common ways to prevent attacks. WordPress admins can enable these additional security measures through plugins.
Secure your code by putting your site to the test regularly using security plugins and most importantly, employing CAPTCHAs (Completely Automated Public Turing Test to tell Computers and Humans Apart) on every form. While these automated form filters can be annoying, they are effective and can severely limit damage that can be inflicted by site attackers.
All WordPress files and folders should have proper permissions and ownership; this basic step is often overlooked. Applying these controls can deny attackers the ability to upload malicious files and execute code that can compromise not only your site, but your server as well.
Liquid Web recommends these simple steps to help hinder hackers, not only during National Cyber Security Awareness Month, but also for the life span of your WordPress site.
“Liquid Web wants to ensure all our users are safe from vulnerabilities,” said Liquid Web CTO Joe Oesterling. “One of the unique qualities is that our products, like Managed WordPress, enable users to worry less because of our built-in firewalls and SSL configuration.”
By following Liquid Web’s basic guidelines for user, code and server security, website managers can make a hacker’s job far more trouble than its worth, ideally driving attackers away from the site. If you want to learn more about the approaches and importance of security, download the free ebook: 5 Essential Approaches to Securing Your WordPress Site.
“Liquid Web is continuing to grow with our products and recent acquisition of Rackspace’s Cloud Sites,” said Oesterling. “Educating our users about cyber security awareness is the upmost priority. At Liquid Web we want to ensure our tools are performing at their maximum strength, which is why we stay up to date with the latest security measures and also give our users the tools to make their sites secure.”
About Liquid Web
Liquid Web delivers reliable, highly-available, secure and hassle-free hosting fueled by our Heroic Support. ® The company empowers its employees to go above and beyond to make life easier for professionals who create the content and commerce on the ever-changing web – so they can focus on the work they love. With over 30,000 customers spanning 150 countries, the company has assembled a world-class team, global data centers and an expert group of 24/7/365 solution engineers. As an industry leader in customer service, the rapidly expanding company has been recognized among INC Magazine’s 5000 Fastest Growing Companies for the last ten years. Liquid Web is part of the Madison Dearborn Partners family of companies. Madison Dearborn Partners, LLC (“MDP”) is a leading private equity investment firm based in Chicago. For more information, please visit www.liquidweb.com, or read our blog posts at http://www.liquidweb.com/blog.