Is Your WordPress Site A Target For Hackers?

Published on March 7, 2014

Online security is a priority website owners should take seriously. How many of us use the same password not only for multiple sites but also for other personal accounts such as bank accounts, billing, and credit cards? General information about a website is available via Whois.com, which displays details such as your email address. To a determined hacker, this single piece of information could start a chain of personal information tracking and lead to more devastating consequences besides identity theft. The epic hacking of Wired’s Senior Writer, Mat Honan, which dissolved his digital life, is a reality check that whatever goes online (and even offline) can disappear in a matter of seconds.

Another security challenge is having multiple authors and contributors on your WordPress website. User access should be managed with a built-in authentication system that keeps unauthorized or unregistered users away from not only your resources but also premium information not open to the public. Putting the necessary precautions and several levels of security checks in place helps deter possible security hacks.

Here are some useful tools you can use to protect your site from being compromised.

LastPass – Password Manager

LastPass is an award-winning password manager that saves your passwords and gives you secure access from every computer and mobile device. Download and setup are easy and can be done in minutes. Once you’ve created your account, LastPass prompts you to save new sites as you browse – so you’ll never lose another password. After saving a website’s username and password, LastPass will autofill the login when you return to that site. No thought, no typing, no work required – LastPass does it for you. LastPass also lets you share access securely with multiple users. This security tool also helps you address other password management concerns and security threats such as keylogging.

UpdraftPlus – WordPress Backup

UpdraftPlus simplifies backups and restoration. Back up into the cloud (Amazon S3 (or compatible), Dropbox, Google Drive, Rackspace Cloud, DreamObjects, FTP, SFTP, SCP, WebDAV and email) and restore with a single click. Key features include: a site duplicator/migrator that can copy sites and (with an add-on) move them to new locations; separate schedules for file and database backups; splitting of large sites into multiple archives; encryption of database backups for security; and downloading backup archives directly from your WordPress dashboard, among many others.

Clef – 2 Step Authentication Mobile App

Clef is a free replacement for usernames and passwords that makes logging into your WordPress site easier and more secure. It is a mobile app that replaces usernames and passwords with your smartphone. This security tool lets any site recognize its users based on their phones, instead of anything they have to remember or type. Clef puts secure cryptography in the hands of every user and frees you from having to remember any passwords. Once you sign in to one WordPress site using Clef, you can sign into all of your Clef-enabled sites with a single click. And once you sign out of the app on your phone, you are automatically signed out of all your WordPress sites.

Google Authenticator – WordPress Plugin

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. You may already have the Google Authenticator app installed on your smartphone and use it for two-factor authentication on Gmail, Dropbox, LastPass, Amazon, etc. The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts. It also works on WordPress installations that have several users, as each user has their own Google Authenticator settings.
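The codes the Google Authenticator app displays are time-based one-time passwords (RFC 6238). The sketch below is an added example, not the plugin's code: it shows how a server can check such a code and apply the requirement per user. The `USERS` table and the `second_factor_ok` helper are hypothetical, and the secret is the public RFC test key.

```python
import base64
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a counter (HMAC-SHA-1, dynamic truncation)."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, unix_time: int, step: int = 30) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(base64.b32decode(secret_b32), int(unix_time) // step)

def verify(secret_b32: str, submitted: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Accept the current step and its neighbours to tolerate phone clock drift."""
    key = base64.b32decode(secret_b32)
    now = int(unix_time) // step
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        # Constant-time comparison; every candidate is checked before returning.
        ok |= hmac.compare_digest(hotp(key, counter).encode(), submitted.encode())
    return ok

# Constructed per-user settings: None means 2FA is not enabled for that account.
USERS = {
    "admin": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",  # RFC test key, base32-encoded
    "author": None,
}

def second_factor_ok(user: str, code: str, unix_time: int) -> bool:
    """Run after the password check: enforce TOTP only where it is enabled."""
    secret = USERS[user]
    if secret is None:
        return True
    return verify(secret, code, unix_time)
```

A production verifier would also remember the last accepted time step for each user so that a code cannot be reused within its validity window.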

All In One WP Security & Firewall

The All In One WordPress Security plugin is a comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques. This plugin uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated. Protect against “Brute Force Login Attack” with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings and you can also choose to be notified via email whenever somebody gets locked out due to too many login attempts. Monitor/View the account activity of all user accounts on your system by keeping track of the username, IP address, login date/time, and logout date/time.
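A minimal model of the lockdown behaviour described above, as an added example rather than the plugin's own code. The thresholds, the `LoginLockdown` class and the sample events are assumptions made for illustration, and it tracks single IP addresses only, not ranges.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3       # assumed: failures allowed before a lockout
WINDOW_SECONDS = 300   # assumed: how far back failures are counted
LOCKOUT_SECONDS = 900  # assumed: length of the lockout

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout ends
        self.notifications = []             # stand-in for the admin email
        self.activity = []                  # (username, ip, time, outcome) log

    def attempt(self, ip, username, ts, password_ok):
        if self.locked_until.get(ip, 0) > ts:
            # A locked-out address is refused even with the right password,
            # otherwise the lockout would not slow down guessing at all.
            outcome = "blocked"
        elif password_ok:
            self.failures.pop(ip, None)
            outcome = "login"
        else:
            recent = self.failures[ip]
            recent.append(ts)
            while recent[0] <= ts - WINDOW_SECONDS:
                recent.popleft()            # forget failures outside the window
            outcome = "failed"
            if len(recent) >= MAX_FAILURES:
                self.locked_until[ip] = ts + LOCKOUT_SECONDS
                recent.clear()
                self.notifications.append(f"{ip} locked out until t={ts + LOCKOUT_SECONDS}")
                outcome = "locked"
        self.activity.append((username, ip, ts, outcome))
        return outcome

# Constructed events: (ip, username, seconds since start, password correct?)
EVENTS = [
    ("203.0.113.7", "admin", 0, False),
    ("203.0.113.7", "admin", 10, False),
    ("198.51.100.4", "editor", 15, False),
    ("203.0.113.7", "admin", 20, False),  # third failure in the window
    ("203.0.113.7", "admin", 30, True),   # right password, still locked out
    ("198.51.100.4", "editor", 40, True),
    ("203.0.113.7", "admin", 921, True),  # lockout ended at t=920
]

def replay(events):
    guard = LoginLockdown()
    return [guard.attempt(*event) for event in events], guard
```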

As always, check for compatibility before installing any plugin or tool. And don’t forget to back up your site as well.