Since WordPress is THE most popular website management platform today, it faces more and more attacks every year, or even every month. Quite simply, if your affiliate site runs on WordPress, it may be under attack right now as you are reading this.
Don’t worry though, there are still easy ways of securing your site and making it bullet-proof, so to speak. Here are some web security tips:
Basic Access Level Security
Speaking of making anything bullet-proof, there’s actually a plugin called BulletProof Security. We strongly advise you to make it the first line of your protection infrastructure.
Basically, the plugin provides a good level of .htaccess protection. It helps you avoid various attacks such as XSS (cross-site scripting), RFI (remote file inclusion), CRLF injection, or direct code injection.
The plugin is a hands-free solution. You only need to install it, go through the setup (there are tutorials available), and then go back to using your site normally.
Hiding Your Login Page
A large number of the recent attacks on WordPress sites target the standard login page, which is usually accessible at yoursite.com/wp-login.php.
The way those attacks are carried out is through an automated script that tries to guess the username and the password used on your site. One of the two steps to protect yourself against this is to hide your login page.
You can do it with a plugin called Hide Login. In short, it allows you to set a custom login page URL instead of the default /wp-login.php. You can even go a step further and set custom logout and admin URLs as well.
Good Password Policy
Using Hide Login is the first step to protect yourself from brute-force attacks on your login pages. Having a good password policy is the other step.
Here’s the basic anatomy of most brute-force attacks. An automated script finds your login page and then tries to guess your username and password by going through a dictionary of words and phrases. This process can take days, but the scary part is that if you’re using a simple word for a password, the script will find it sooner or later.
Therefore, to prevent that from happening, always use complex passwords and usernames. What is a secure password? For example, one that contains both lower-case and upper-case letters, numbers, special characters and spaces. Moreover, the longer the password is, the better. The simple goal here is to make it unguessable.
The final piece of advice we have for you today is to always keep your WordPress site updated. An outdated version of WordPress is yet another weak point that a skilled attacker can use.
Essentially, every new version of WordPress introduces a number of security fixes and new protection mechanisms. And along with each new version comes a change log, which openly lists everything that has been updated. Therefore, any attacker who wants to take advantage of this only has to go through the change log. He can then target the older sites that don’t have the new security mechanisms implemented yet.
P.S. Here’s a condensed cut-out-‘n-keep guide of everything that’s been said in this post:
- Update frequently.
- Use secure passwords.
- Get BulletProof Security.
- Get Hide Login.