



WordPress security is a hot topic in the blogosphere right now. The recent botnet attacks on a large number of WordPress sites have some people scrambling to recover their valuable data, and you should act quickly to strengthen your WordPress security.

Then there are those who thought ahead and took measures before it was necessary. Most likely they have not experienced any problems, because they made themselves a difficult target.

The fact is this: even though no site is 100% secure, you can reduce the likelihood of being hacked by dedicating a small amount of time to making your site more secure than 99% of the others. With that in mind, in this post I will take you through a simple five-step process that will turn your site from a soft target into a really tough cookie.

Step 1: Update everything

Obsolete items on your site pose potential security risks, as hackers can use them to hack their way into the backend of your site. That is why it is so important to keep everything up to date.

And when I say everything, I mean everything:

  • The core of WordPress
  • Themes
  • Plugins

Deactivated themes and plugins should also be kept up to date; their mere presence on your site makes them a potential security risk, so you should keep them updated to strengthen WordPress security.


Don't log in very often? Don't worry, you can use a plugin like Easy Update Manager to enable automatic updates for your WordPress core, themes, and plugins. There are also tons of advanced settings built in to customize your updates, and logs to see what has been updated and when.

A lot of people will come this far and stop there, but there is actually one more step you need to take: you should seriously consider deleting any themes and plugins from your site that have not been recently updated. You can easily monitor when plugins were last updated with the Last Updated plugin. This adds the Last Updated date to your list of plugins on the back end (which should arguably be displayed by default).

Generally speaking, I would say that any plugins that have not been updated in the last twelve months should be considered for removal.
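The twelve-month rule can be checked mechanically. The following is an added example, not code from the original post: it reads a constructed sample in the shape of `wp plugin list --format=csv` output from WP-CLI, joins it with constructed last-release dates, and flags stale plugins and pending updates, including on deactivated plugins. The plugin names, dates and the `audit_plugins` helper are hypothetical.

```python
import csv
import io
from datetime import date

STALE_AFTER_DAYS = 365  # the twelve-month rule of thumb from the text

# Constructed sample in the shape of:
#   wp plugin list --fields=name,status,update,version --format=csv
WP_CLI_CSV = """name,status,update,version
example-forms,active,none,5.2.1
example-slider,inactive,available,2.0.0
example-gallery,active,none,1.4.3
example-seo,inactive,none,0.9.8
example-cache,active,available,3.1.0
"""

# Constructed last-release dates (hypothetical), e.g. copied from the
# "Last Updated" column. example-cache is missing on purpose.
LAST_UPDATED = {
    "example-forms": "2024-03-02",
    "example-slider": "2023-11-20",
    "example-gallery": "2021-06-14",
    "example-seo": "2020-01-05",
}


def audit_plugins(cli_csv, last_updated, today):
    """Map each plugin that needs attention to a recommended action."""
    actions = {}
    for row in csv.DictReader(io.StringIO(cli_csv)):
        name = row["name"]
        released = last_updated.get(name)
        if released is None:
            actions[name] = "check-release-date"  # unknown age: never assume fresh
            continue
        age_days = (today - date.fromisoformat(released)).days
        if age_days > STALE_AFTER_DAYS:
            actions[name] = "consider-removal"
        elif row["update"] == "available":
            # Deactivated plugins are not exempt: their files are still on disk.
            actions[name] = "update"
    return actions


if __name__ == "__main__":
    for plugin, action in audit_plugins(WP_CLI_CSV, LAST_UPDATED, date(2024, 6, 1)).items():
        print(f"{plugin}: {action}")
```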

Step 2: Back up everything (and regularly)

I know that is an obvious suggestion, but it would be remiss of me not to include WordPress backups. The simple fact is that few things (if any) are more important to the security of your site.

If your site is subject to a really destructive attack (which is always possible), your last line of defense is a recent backup. This means that even if the worst were to happen, you still have something to fall back on. If you do not keep regular backups then, to be frank, you're screwed.

There are a huge number of backup solutions, but my first suggestion would be to choose a hosting provider that includes automatic backups within their service. If you are the victim of a hacking attempt that damages your site, then you should find that your provider is quick to restore the site to its former glory.

Beyond that, the cream of the crop options are VaultPress and BackupBuddy. They cost money, but my advice is to never skimp on your backup solution. Personally, I am a VaultPress user (as is R Digital marketing); they offer a comprehensive backup solution as well as additional security features.

Step 3: Change your default username

If you are still using the default "administrator" profile that came packaged with your WordPress installation, now is the time to switch.

Why? Because the first step in any brute force login attempt is to try to log in with the username "admin" and then run a massive number of password attempts to gain entry. If you create a more unique username, you stop this hacking attempt in its tracks.

Changing the profile and everything potentially associated with it (transferring ownership of posts, etc.) may seem like a rather daunting task, but it is an important step in protecting your site and is much easier than it seems. Visit YouTube for tutorials if you want additional guidance.

Step 4: Create a unique, strong password (and change it regularly)

Most people are smart enough these days to understand that their password should not be "password." What they may not know is that brute force hacking attempts will try a staggering number of password combinations in an attempt to gain access to websites. If your password makes sense or is in any way predictable (for example, it is made up of recognizable words or number patterns), your site is at risk.

There are actually three golden rules for generating best-practice passwords:

  1. Must be truly random and unique
  2. It should be used only once (in other words, not in multiple places)
  3. It should be changed periodically (for example, at least once a month)

If you follow these three rules, your site will be much more secure. In terms of generating truly random passwords, you can use a free online generator, though I recommend signing up for a free account with LastPass and using that service to (a) generate and (b) store all your passwords.
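To make "truly random" and "predictable" concrete, here is an added example (not part of the original post) that generates a password from the operating system's cryptographic random source and flags the recognizable words and number patterns described above. The word list is a constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
# Constructed mini word list; a real check would use a large dictionary.
COMMON_WORDS = {"password", "admin", "wordpress", "welcome", "qwerty", "letmein"}


def predictable_reasons(password):
    """Return the reasons a password is guessable (empty list if none found)."""
    reasons = []
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        reasons.append("recognizable word")
    if re.search(r"(.)\1\1", password):
        reasons.append("repeated character")
    # Any 4 consecutive characters that count up or down (1234, dcba, ...).
    for i in range(len(lowered) - 3):
        steps = {ord(lowered[j + 1]) - ord(lowered[j]) for j in range(i, i + 3)}
        if steps in ({1}, {-1}):
            reasons.append("sequential pattern")
            break
    return reasons


def generate_password(length=20):
    """Draw characters from the OS CSPRNG; redraw on an accidental pattern."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not predictable_reasons(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(), f"(~{entropy_bits(20):.0f} bits)")
    print(predictable_reasons("Password1234"))
```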

Step 5: Install Plugin Protection

There are a large number of plugins that claim to increase the security of your site. The mere choice can be overwhelming, but I'm going to cut through the garbage and recommend what I consider to be the simplest and most effective plugin to use.

That plugin is Wordfence, a popular and highly rated free plugin. It includes a wide variety of security features, including (but not limited to):

  • A firewall
  • Malicious IP protection
  • Backdoor scans
  • Malware scans
  • Enhanced login security

Although Wordfence is a freemium model and a paid version with more options is available, the plugin itself and the basic service cost you nothing. Installing this on your site is a no-brainer.

Actually, I'm just scratching the surface here. Although implementing the above security measures will help strengthen WordPress security above the vast majority of others, there is always more you can do, and there is always a chance you might get hacked anyway.

In this post I have covered simple ways to strengthen WordPress security. If you've implemented them all and still want more, I advise you to start by checking out the official WordPress security page at the WordPress.org Codex.

Now it's your turn; I'd love to know what simple recommendations you have for hardening WordPress security. It could be simple tips and tricks, plugin suggestions, or even a recommended premium service like the aforementioned VaultPress. Fire away in the comment section!