WordPress Security

Whenever we do anything these days that involves information technology we must think in terms of the security implications.

This is especially true when we are dealing with the two primary vectors for compromise:

  1. The internet via your web browser
  2. Email, via an email client installed on your desktop or laptop or, today, via webmail in your web browser.

The security perspective changes when we host (internally or externally) our website.

In my case I am hosting my website (that you are now viewing) externally through GoDaddy WordPress hosting.

And in case you are not aware – there have been some security “events” where WordPress websites (like mine) hosted on GoDaddy (and other hosting providers) were hacked and malicious code was installed, resulting in viewers (website visitors) getting redirected to malicious or malevolent websites.

I noticed that some proponents argued that the problem was specific to GoDaddy. But then I read that other WordPress hosting providers had experienced similar problems. Therefore, I do not think that the problem is specific to GoDaddy.

My understanding is that the security problems described were brought about by vulnerabilities in the underlying PHP code that WordPress (and many web servers and websites) use.

The solution?

The first thing to do when your WordPress website is installed is to update your admin password and all hosting account passwords to a “strong” password. The password should be at least 8 characters and it should utilize upper and lower case letters, numbers and special characters.

The second most important thing is to keep your WordPress installation updated. Whenever you log in to your WordPress admin you will often get update notifications in the upper left area within the dashboard. These notifications may indicate that there are updates available for the plugins that you have installed and/or for WordPress itself. You want these updates – they are required security updates. The updates keep your WordPress website secure by updating code that may have vulnerabilities that hackers can exploit.

I recently updated my WordPress website to the new version: 3.0.2

It is very easy to update WordPress. When you get the update notification, just click on it – I always select all available updates and “install”. You can perform these updates without taking your site offline – and the update process takes place within the admin panel of your WordPress website.

And since I have to go into the admin panel of my website frequently to post to my blog or add a page to my website – it is easy and convenient to keep my website updated.
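
One way to check the update advice above across several sites at once, as an added example that is not part of the original post: it reads the version each WordPress install records in wp-includes/version.php and flags any install older than a baseline you choose. The function names, the sample sites and the use of 3.0.2 as the baseline are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress core records its release in wp-includes/version.php,
# in a line of the form: $wp_version = '3.0.2';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"](\d[^'"]*)['"]""")

def parse_version(text):
    """Turn '3.0.2' into (3, 0, 2); a suffix such as '-RC1' is ignored."""
    numeric = re.match(r"\d+(?:\.\d+)*", text)
    if not numeric:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in numeric.group().split("."))

def is_older(found, baseline):
    """Compare numerically, padding so that 3.0 is treated as 3.0.0."""
    a, b = parse_version(found), parse_version(baseline)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(web_root, baseline):
    """Return (site, version, status) for each install found under web_root."""
    results = []
    for path in sorted(Path(web_root).rglob("version.php")):
        if path.parent.name != "wp-includes":
            continue  # some other version.php, not WordPress core
        site = path.parent.parent.name
        match = VERSION_RE.search(path.read_text(errors="replace"))
        if match is None:
            results.append((site, None, "unreadable"))  # inspect by hand
            continue
        status = "outdated" if is_older(match.group(1), baseline) else "ok"
        results.append((site, match.group(1), status))
    return results

def demo():
    """Audit a constructed web root (sample sites invented for this example)."""
    samples = {"blog": "$wp_version = '3.0.2';", "shop": "$wp_version = '3.0';",
               "old": "// version line missing"}
    with tempfile.TemporaryDirectory() as root:
        for name, line in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text("<?php\n" + line + "\n")
        return audit(root, "3.0.2")

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An install reported as "unreadable" has a version.php without the expected version line, which is worth inspecting by hand because the file may have been altered.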

My guess is that the WordPress websites that were compromised may not have been updated or may have had default or easily guessed passwords.

What do you think?