Web Site Design & DevelopmentWordPress

Common WordPress Mistakes: Part 2

wordpress-security-measures

Last month we covered the following topics on mistakes that users make when building a solid business website:

• Not backing up your website
• Testing a product on a live website
• Ensure your backup is safe
• Lack of permalinks
• The use of cheap web hosting companies
• Downloading too many plugins
• Changing your theme too often
• Not changing your username from ‘admin’
• Using a weak password

If you missed it please click on this link to get you up-to-date.

This month we have more valuable information for you and will focus on the security of your website. This aspect is often overlooked and can cause your site to be jeopardised and exposed to hackers. Here are a 3 reasons you need security for WordPress sites:

1. WordPress has plenty of vulnerabilities – these depend on how you installed WordPress and your hosting service provider.
2. Each of these vulnerabilities needs to be addressed. In other words you can’t do a ‘blanket’ security update.
3. As a WordPress user you may not be aware of these loopholes due to lack of knowledge that will jeopardise your website in the long run.

Let’s focus on the common mistakes you make as a WordPress user

Not updating your version of WordPress

You will see a notification from WordPress stating that a new version is available. It is important to update your version, not only because there will be new features, but also because it will fix any bugs on your site. Remember, as we mentioned last month, to back-up your website before you update it. A community of developers discovers vulnerabilities and tips to improve performance all the time. You want to ensure that your website has access to these vital updates.

What happens if you don’t update WordPress?

You will end up giving hackers a foothold to do a lot of damage to your website. WordPress will have covered security loopholes in the newer version to protect your site. Some of these damages are:

Hackers get access to your email list. They can steal or bombard your email list with spam. They can also sell your email list to other ‘black market’ buyers.
• They can infect your site with malware so that anybody who visits your website will be infected.
If you run a membership site where people are paying, their PCs can become infected and you will lose authority on the website.
• Google will discover you have malware on your site and they will cut your rankings. In order to amend the effects of malware can cost you a lot of money and stress. Some people have lost their brands due this blacklisting.
• To sum it up, your reputation and future business will be destroyed.

google-malware-warning

 

Using pirated themes or plugins

In the fast-paced world of technology that we live in today people are creating all sorts of pirated software to tempt the consumer. As soon as WordPress releases a new theme or plugin, there is a pirated product to match it, for free! These cyberlockers (file hosting services) have malicious software or ads with malware on it. When you download the files there are links that pop up to tempt you to click on them and these can wreak havoc on your PC if you don’t have good anti-virus software. There are, however, reputable cyberlockers that you can safely download from, but knowing which ones you can trust can be difficult in the cyber world.

Watch out for free themes

This is similar to the pirated themes, but are advertised as ‘free WordPress themes’ on some websites. You are going to encounter the same problems as you have with pirated themes … there will be malware in the code. Stick to using certified themes from WordPress. These have been carefully developed and undergone strict selection criteria.

Failing to disable directory browsing

This is an important precautionary measure that will boost the security of your website. The Apache webserver automatically enables directory browsing. As a result all the files and folders stored in the root directory are available for anyone to access. This needs to be avoided because you don’t want people to have easy access to your media uploads and theme plugins.

Failing to install a security plugin

This is really the best security for your website. iThemes Security Pro is a recommended site for you to install and trust that it will cover your security issues. It is good to pay a premium for good security especially if you own a membership site. Also make sure you have a WordPress hosting environment.

By adding all of these security measures, most of which are easy to do, or get assistance with, will ensure you don’t leave open doors for hackers and the like.

In closing:

We trust you have gained many insights into the world of WordPress and are ready to apply them. Our tips will put you in the right direction and give you an opportunity to build a fast, useful and successful website.