
How to increase the security of WordPress

WordPress is the most popular blogging platform in the world, helped by the spread of the well-known WordPress website. WordPress is software that can be hosted on shared hosting accounts, but also on dedicated solutions, depending on the amount of traffic it has to handle.


A dedicated server is often the best solution for blogs and websites built with WordPress that receive thousands of daily visits: managing the generated pages becomes easier when you can optimize Apache and the other components of the server. Today we talk about another, no less important aspect: security. As with all software, the wide adoption of WordPress brings security issues and attacks on servers, both for small blog owners and for the major publications that use this platform.


In this article we will see a number of techniques, both general and specific, to increase the security of WordPress by changing some settings and adding the appropriate plugins.


The attacks WordPress needs to be protected from are many, and they differ in nature. Take a look at the most common:

Brute-force login attempts: a common technique that aims to log in to the WordPress platform and take possession of its data and administration capabilities. The attack is not easy to set up, but the low cost at which it can now be carried out increases the likelihood that brute force will gain access to our blog.

Spam: one of the most common attack vectors against blogs that use no protection. Thousands of bots post comments at the same time, leaving no time to remove them and creating confusion and errors in the WordPress platform.

Older versions of software and plugins: running an older version of WordPress can be the best way to get attacked, because many of its bugs are now known and have many exploits available. The same goes for plugins that have not been updated recently, which can become security flaws with the passage of time.

SQL injection: although less common than in the past, this method of attack is the most dangerous. Through a registration form it can provide access to confidential information and may allow changes to the data in the database.

For each of these types of attack there are specific countermeasures, implemented through plugins or settings, that reduce the likelihood of our WordPress being hit. Most attacks involve dozens of machines, often hosted by the same hosting provider, and can be traced back to highly automated systems.
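A way to spot the brute-force pattern described above in an Apache access log, as an added example that is not part of the original article. It counts failed logins per address and per network, so that dozens of machines at one provider stand out even when each stays under the per-address limit. Assumptions: the "combined" log format, thresholds chosen for illustration, and that a failed login is answered with 200 while a successful one redirects with 302.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Apache "combined" format: client, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield the client address of each POST to wp-login.php answered with 200.

    Assumption: a successful login answers 302, a failed one re-renders the form.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        client, method, path, status = m.groups()
        if (method, status) == ("POST", "200") and path.split("?")[0].endswith("/wp-login.php"):
            yield client

def suspects(lines, per_ip=5, per_net=8):
    """Return (addresses, networks) whose failed-login count reaches the thresholds."""
    by_ip = Counter(failed_logins(lines))
    by_net = Counter()
    for client, n in by_ip.items():
        try:
            bits = 24 if ip_address(client).version == 4 else 64
        except ValueError:
            continue  # hostname instead of an address (HostnameLookups On)
        by_net[str(ip_network(f"{client}/{bits}", strict=False))] += n
    ips = sorted(c for c, n in by_ip.items() if n >= per_ip)
    nets = sorted(net for net, n in by_net.items() if n >= per_net)
    return ips, nets

def _line(client, method, path, status):
    # Constructed sample line, not taken from a real server
    return f'{client} - - [10/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

SAMPLE = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6
    + [_line(f"198.51.100.{h}", "POST", "/wp-login.php", 200) for h in (10, 11, 12, 13)] * 2
    + [_line("192.0.2.50", "POST", "/wp-login.php", 302), _line("192.0.2.50", "GET", "/", 200)]
)

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

In the sample, one address is flagged on its own, while the 198.51.100.0/24 network is flagged only because four hosts with two failures each add up.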


It is also useful to review the measures adopted by your hosting provider: many ISPs now offer hosting solutions built for a specific CMS, which simplifies security for the simple reason that the servers are already configured for that particular CMS.


Over the years thousands of plugins have been developed to improve the security of WordPress, and many of them were later abandoned or left without regular updates. You should therefore install only a limited number of plugins that are relevant and have the support of the community, so that they do not themselves become a security problem.


Below is a series of plugins that can improve the security of WordPress with minimal effort from the operator of the website.

Limit login attempts: a useful plugin that lets you restrict the number of attempts that can be made to log in to WordPress. It can block by IP, by cookie or by user, and prevents brute-force attempts of this kind.

Akismet: perhaps one of the most popular WordPress plugins. It helps you manage comments containing spam, classifying them and preventing new bots from posting them again.

Antispam Captcha: again to protect the login page, this plugin puts a captcha on the page to make sure that each access attempt comes from a human and not from a botnet.

Anti-virus: another plugin, which inspects the files of our installation, looking for any malicious code.

Plugins are definitely a great way to protect your blog, but there are also a number of measures that we can put into practice by hand with little effort, directly in the code and in the WordPress installation. These changes are best made by people who have at least a minimum of knowledge of managing servers and websites and who do not rely solely on management tools, to avoid seeing their blog end up offline with no remedy.


The first tip, which is easy to apply, is to change the platform's default administrator user: "admin" should be deleted and replaced with something else, because attacks mainly target the default name.


Next, change the default prefix of the WordPress MySQL tables: by default their names begin with "wp_", as in "wp_posts". To change the prefix, either do so during setup or act directly via phpMyAdmin, renaming all the tables with a different prefix, which may also be longer than the original. Once that is done, open the wp-config.php file and enter the new value there as the table prefix.
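A helper that generates the SQL for this rename, as an added example that is not part of the original article; its output is meant to be pasted into the phpMyAdmin SQL tab after taking a database backup. It also covers a step that renaming the tables alone misses: the options and usermeta tables store keys that embed the prefix, and leaving them unchanged strips every user of their role. Assumptions: a single-site install, and a hypothetical new prefix "k7x_".

```python
import re

SAFE = re.compile(r"[A-Za-z0-9_]+")  # identifiers we are willing to put in SQL

def rename_prefix_sql(tables, old, new):
    """Return the SQL statements that move a single-site install from `old` to `new`."""
    for name in [old, new, *tables]:
        if not SAFE.fullmatch(name):
            raise ValueError(f"unsafe identifier: {name!r}")
    mine = [t for t in tables if t.startswith(old)]  # leave foreign tables alone
    if not mine:
        raise ValueError(f"no table starts with {old!r}")
    # One RENAME TABLE statement: MySQL applies all the renames atomically
    pairs = ", ".join(f"`{t}` TO `{new}{t[len(old):]}`" for t in mine)
    sql = [f"RENAME TABLE {pairs};"]
    # The roles definition is stored under an option name that embeds the prefix
    if f"{old}options" in mine:
        sql.append(
            f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
            f"WHERE option_name = '{old}user_roles';"
        )
    # Per-user keys such as <prefix>capabilities and <prefix>user_level embed it too;
    # review plugin keys that merely happen to start with the old prefix
    if f"{old}usermeta" in mine:
        sql.append(
            f"UPDATE `{new}usermeta` SET meta_key = "
            f"CONCAT('{new}', SUBSTRING(meta_key, {len(old) + 1})) "
            f"WHERE LEFT(meta_key, {len(old)}) = '{old}';"
        )
    return sql

# Constructed table list; "k7x_" is a hypothetical new prefix
TABLES = ["wp_posts", "wp_options", "wp_usermeta", "stats_daily"]

if __name__ == "__main__":
    for stmt in rename_prefix_sql(TABLES, "wp_", "k7x_"):
        print(stmt)
    print("then set $table_prefix = 'k7x_'; in wp-config.php")
```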


Now that we have put a number of measures in place to stop someone from repeatedly attempting to log in, we should also make the login page give away less information: change the error message that WordPress shows when incorrect values are entered to a more generic one, so that the bad guy cannot tell what the problem is!


To do so, open the functions.php file contained in the theme's folder and add this line of PHP code:


// Show the same generic message for every login failure
add_filter('login_errors', function () { return 'Try again, unknown error.'; });


Finally, move the wp-config.php file outside the root directory of the web space: WordPress automatically looks for it in the directory directly above, so we don't need to worry about a possible failure.


In conclusion, we can say that we now have an important additional layer of security protecting WordPress, but much of the work must be done by the hosting provider, particularly in the configuration of the server, so make sure that your ISP's servers have been tested for hosting WordPress and have the necessary security measures at the system level.
Links:
Hostingtalk
Protect from Bot
WordPress plugin WordPress security-Anti-virus