January 2012 saw in increase in hacking attempts on a number of high profile websites, and this included a number of government and large corporate websites that you would expect to have a high level of security. Smaller websites were also targeted that use OpenSource platforms such as WordPress, as these are potential more vulnerable as hackers know how the platform works. However before you get too concerned, a great aspect of OpenSource websites is the continuous level of free updates which includes fixing or addressing any known security bugs. Keeping your WordPress platform up to date with the latest version can be enough for most people.
You can further improve the security to your WordPress sites however, and there are a number of practices that can be employed to do this. We touched upon this recently in our post protecting your WordPress website. These include:
- Restricting access to directories and files
- Preventing remote script execution & changing file permissions
- Removing default users and improving password strengths
- Changing the default database structure
- Limiting public information
- Installing additional security plugins
There are also a number of things you can do proactively, such as setting up regular backups on your server. Although you may have backups of all the files for your website theme, if you were to lose your database with i.e. 3 years of posts and page content this would be a disaster. Regular/daily updates will ensure that you always have a current backup of your database to completely restore your site if required.
We have now started including these practices in all our WordPress websites on the initial build, however if your site was developed a long time ago or was created by another web agency, we are now offering security updates as a package for peace of mind. If this is something you are interested in, then contact us to find out more.