Keeping Your WordPress Blog Page Safe - Four Security Tips
Published under Wordpress Themes » WP ArticlesOnline forums have been swamped with stories of blogs being broken into and then blocked by Google for spreading badware. You should always adhere to these WordPress security tips to avoid your blog being hacked and having to face that kind of situation.
Stay current with the latest secure version
Every piece of software has its own problems and weaknesses. Be diligent about always updating to the most recent "known secure" version. In this instance, you will want version 2.3.3 of WordPress.
Other things to watch are plugins and themes as they have full access to WordPress. Starting with the version 2.3 of WordPress, you can find out if the installed plugins has a newer version from admin screen.
Disable and remove any themes and plugins that you're not using
If you're like most bloggers, you've installed and tried out several different themes on your blog. And you very likely have several plugins installed that you don't use.
Every single piece of unwanted software may provide a new vulnerability. Since no one is using them, why waste the energy to take these packages to the latest version? Get rid of the software, eliminate all associated files and be done with the trouble.
Removing the files from the server is the last step. It is extremely important. Add-ons, plug-ins and themes are generally stored in standardized, well known directories. This is both good and bad. It is good because they are easy to find and remove; it is bad because they are easy to find and exploit by attackers. Be safe and remove the unused ones.
You should only download and install code you trust
Just like you shouldn't click on email attachments coming from people you don't trust, you shouldn't install software on your blog from untrusted sources. Only download code from the authors' web site.
Since WordPress and most themes and plugins are released as open source, anyone can modify the code with malicious intent and put up the badware for download to unsuspecting web surfers.
Don't be the guinea pig for the latest plugins. Take a cautious approach and wait until you see a plugin being used by many other trusted bloggers.
Be weary of JavaScript includes
Web analysis services and ad networks require the addition of JavaScript to blog pages. JavaScript code is allowed to do almost anything with your web page without your permission. In Essence, you are trusting the security of your website to this unknown, third-party service
I would be unwilling to have JavaScript put on my web site by an entity I was not familiar with. I would be more receptive to legitimate, well-known ad network and web analytic providers such as Google AdSense and Google Analytics.
Ad networks also pose another problem if you don't have control over who is allowed to advertise on your network. Google applies the guilt by association principle: If you are advertising for a site that has badware on it, your site may be blacklisted too.
WordPress security is an ongoing effort. Stay up to date with tips from Nick Dalton at TipsTricksToolsTechniques.com. You should also read his acclaimed report: The Digital Security Report for in depth advice on protecting your digital products.
www.amazines.com
Stay current with the latest secure version
Every piece of software has its own problems and weaknesses. Be diligent about always updating to the most recent "known secure" version. In this instance, you will want version 2.3.3 of WordPress.
Other things to watch are plugins and themes as they have full access to WordPress. Starting with the version 2.3 of WordPress, you can find out if the installed plugins has a newer version from admin screen.
Disable and remove any themes and plugins that you're not using
If you're like most bloggers, you've installed and tried out several different themes on your blog. And you very likely have several plugins installed that you don't use.
Every single piece of unwanted software may provide a new vulnerability. Since no one is using them, why waste the energy to take these packages to the latest version? Get rid of the software, eliminate all associated files and be done with the trouble.
Removing the files from the server is the last step. It is extremely important. Add-ons, plug-ins and themes are generally stored in standardized, well known directories. This is both good and bad. It is good because they are easy to find and remove; it is bad because they are easy to find and exploit by attackers. Be safe and remove the unused ones.
You should only download and install code you trust
Just like you shouldn't click on email attachments coming from people you don't trust, you shouldn't install software on your blog from untrusted sources. Only download code from the authors' web site.
Since WordPress and most themes and plugins are released as open source, anyone can modify the code with malicious intent and put up the badware for download to unsuspecting web surfers.
Don't be the guinea pig for the latest plugins. Take a cautious approach and wait until you see a plugin being used by many other trusted bloggers.
Be weary of JavaScript includes
Web analysis services and ad networks require the addition of JavaScript to blog pages. JavaScript code is allowed to do almost anything with your web page without your permission. In Essence, you are trusting the security of your website to this unknown, third-party service
I would be unwilling to have JavaScript put on my web site by an entity I was not familiar with. I would be more receptive to legitimate, well-known ad network and web analytic providers such as Google AdSense and Google Analytics.
Ad networks also pose another problem if you don't have control over who is allowed to advertise on your network. Google applies the guilt by association principle: If you are advertising for a site that has badware on it, your site may be blacklisted too.
WordPress security is an ongoing effort. Stay up to date with tips from Nick Dalton at TipsTricksToolsTechniques.com. You should also read his acclaimed report: The Digital Security Report for in depth advice on protecting your digital products.
www.amazines.com
Comments: 0
