Protect your WordPress installation from hacks

Statistični podatki za leto 2016 kažejo, da naj bi WordPress poganjal že več kot četrtino spletišč, med sistemi za upravljanje vsebin (CMS) pa prevladuje s skoraj dvotretjinskim deležem. Enostavna uporaba, odprtokodnost in več deset tisoč vstavkov poskrbita, da se tržni delež WordPressa vztrajno povečuje. Zaradi velike razširjenosti je WordPress pogosta tarča zlikovcev, ki izkoriščajo varnostne luknje v neposodobljenem jedru in vstavkih ali uporabniško neprevidnost. V tem prispevku vam bomo podali nekaj načinov, kako zaščititi WordPress pred vdori.

Zaščitite vašo namestitev Wordpressa pred vdori

Regularly update the core, plugins and themes

Website Hacked Trend Report 2019 - Q1, Sucuri

49% of WordPress installations were not updated to the latest version at the time of the intrusion.

Remove unofficial plugins and code

<?php
function connect_to_twitter($content) {
return preg_replace(‘/([^a-zA-Z0-9-_&])@([0-9a-zA-Z_]+)/’, “$1<a href=\”http://twitter.com/$2\” rel=\”nofollow\” target=\”_blank\” title=\”Visit Twitter\”>@$2″.@$_GET[3].”</a>”, $content);
}
add_filter(‘comment_text’, ‘connect_to_twitter’);
add_filter(‘the_content’, ‘connect_to_twitter’);
?>

Use a unique and strong password

Using short passwords and combinations that can be easily guessed (e.g. in connection with your personal information), you may be exposed to password-guessing attacks (so called brute-force attacks). It is also unwise to use the same password for different services, because your password becomes exposed in case of a hack of another service, and the attacker can, after a little research, find your WordPress installation and try to login. Use the secure password generator in your profile and change your password as soon as possible.

Do not change permissions of the uploads folder

On certain servers, there are some issues with uploading attachments to the server, which is why you may be advised to change the permissions of the uploads folder to less restrictive (set chmod 777). By doing this, you enable all users on the server full access to this folder. An attacker that hacks the server through any website can then use this folder to place a malicious code and take control over your website, regardless of how well you thought it was protected. Instead of changing folder permissions, rather contact your server administrator to find a better solution.

Use plugins for protection

Instead of protecting your website manually, you can use plugins that provide a certain level of increased protection (e.g. Wordfence Security). Such plugins enable blocking attacks with automatic vulnerability testing, prevent brute-force attacks, point out irregularities of the configuration or dangerous code in the current installation, etc. Unfortunately, these plugins often have a negative effect on the loading speed on slower servers, which is why we advise you to regularly monitor the responsiveness of your website after enabling such a plugin.

What to do in case of a hack?

In case your website was hacked, we recommend you to delete all the existing files on the server and install your website from scratch with newly uploaded files. Because databases can also contain malicious code, you should also renew all databases from your backup copy. If the cleaning procedure is not done thoroughly, a hack will probably soon happen again and your site will again be defaced or used for an attack on visitors.

What is Gutenberg and how it will change WordPress content creation?

What is Gutenberg and how it will change WordPress content creation?

WordPress began its journey as a fork of the blogger system called b2 / cafelog. In its beginnings, it featured editing and categorization of posts, and allowed comments. The design capabilities were very limited, but they were good enough to enhance the content. More than a decade ago version 2.0 received a more advanced editor […]

WooCommerce vs Shopify: which e-commerce store should you choose?

WooCommerce vs Shopify: which e-commerce store should you choose?

WooCommerce and Shopify are among the world’s most popular eCommerce platforms. Some sources estimate that the former has almost a third of the eCommerce market share (which is a massive lead over the competition), but the latter is slowly catching up. WooCommerce is an open source plugin for WordPress developed by WooThemes and acquired by […]

Zaščitite vašo namestitev Wordpressa pred vdori

Protect your WordPress installation from hacks

Statistični podatki za leto 2016 kažejo, da naj bi WordPress poganjal že več kot četrtino spletišč, med sistemi za upravljanje vsebin (CMS) pa prevladuje s skoraj dvotretjinskim deležem. Enostavna uporaba, odprtokodnost in več deset tisoč vstavkov poskrbita, da se tržni delež WordPressa vztrajno povečuje. Zaradi velike razširjenosti je WordPress pogosta tarča zlikovcev, ki izkoriščajo varnostne […]