After reading what Fusion Alliance wrote about Information Security and writing what I did about WordPress Security, I thought I’d write a bit more about how we keep our client’s WordPress web sites secure here at Erich Stauffer.
WordPress is updated regularly to address new security issues that may arise so we’re always updating our client’s to the latest version to keep them secure. Since version 2.7, WordPress has featured automatic updates and the WordPress Dashboard lets us know when the updates are available.
One of the most common attacks against a WordPress web site is HTTP exploit payloads for specific vulnerabilities in outdated plugins. Plugins are add-on software that runs on top of WordPress. Think of WordPress as the operating system and plugins as the programs. If you’re not using a plugin, delete it from the system.
If your WordPress theme uses custom scripts to render thumbnails or other images they might be susceptible to being exploited. This happened to one of our web hosting clients who purchased a theme they were using on their WordPress web site. A hacker exploited the vulnerability and used our server to begin sending out spam before it was stopped.
Secure FTP (SFTP)
We use secure FTP (SFTP) to transmit files, which means we protect our server passwords while transmitting your files on the Internet. If you’re still using regular FTP, you’re sending your password via plain-text over the Internet, which is like using a post card to send your credit card information to someone.
In the event that all of these security steps still lead to a problem with our client’s site, we make local backups of all of our client’s sites and because we use two web hosts for our web hosting, we can restore those backups on another web host in order to keep your web site up in the event of a problem.
If you’re looking for an experienced WordPress web designer and WordPress web host in the Indianapolis area, contact Erich Stauffer at 317-572-7521.