Friday, December 16, 2011

Website Security in WordPress

In recent months there have been more website security attacks than I’ve ever seen before.  These attacks have mainly come in two different classes.

Malicious Virus Attacks

The first is plain malicious and mean, the kind of attack that makes you wonder "do these people have a life?" The attacker infects a website so that visitors' computers get software installed on them that locks the machine up until you pay: typically a message saying "this virus can only be removed for X amount of dollars," dressed up by the more clever crooks to look legitimate. The damage is visible immediately. The same people may deface the site itself, masking it with giant words and an evil face that say "YOU'VE BEEN HACKED!"

Phishing Scams Attacks

These are very clever people who inject code into your website that copies any form you fill out and harvests credit card numbers, addresses, telephone numbers, names, whatever they can gather. What they do with that information is then up to them. The most recent time I saw this, code had been injected into the Akismet plugin on a website, creating a fake "PayPal" page on the site. eBay then e-mailed us to let us know "a phishing scam is reported at such and such location." Thank you, eBay! We don't want to be hosting anything bad.

How To Remove a Virus

Unfortunately, because we've had our share of experience doing this, we have some tips to share. The first thing to do is install antivirus software on the computer you manage the site from, so that it does not become a host for viruses (an infected workstation can leak the FTP and WordPress passwords you use to administer the site). You don't have to install an expensive one. There is only one free one that I suggest, and it is provided by Microsoft: Microsoft Security Essentials, which you can download from Microsoft.

One of the main ways attackers inject malicious code is through a theme with a known vulnerability. The most widely installed themes, such as the default WordPress themes, are attacked most often, simply because there are more sites to hit. So update the theme you use, and remove every theme you are not using: a theme that is not installed cannot be exploited.

Much like themes, plugins are attacked too, and the most frequently used plugins are attacked the most. For example, as mentioned above, the Akismet plugin on a website had a fake PayPal page injected into it to collect payment details. Keep your plugins updated, and remove plugins you do not need. Each plugin you remove is one less possible entry point.

Next, there are several security plugins you can install. I have tried some that others recommended, and the most basic and effective one seems to be the AntiVirus plugin. It scans your theme's files and reports any line of code that may be a potential threat. Most of what it points out is harmless, so treat each hit as something to inspect rather than proof of infection, but it does find real injections from time to time.

If you suspect your site is compromised, you can always reinstall WordPress. This does not mean starting over; it simply means replacing the WordPress core files with fresh copies. Go to Dashboard > Updates (update-core.php) and choose Re-install right there. Note that this only replaces the core files: themes, plugins and uploads (everything under wp-content), wp-config.php and the database are left exactly as they are, so anything injected there has to be cleaned separately.

To summarize:

  • Install antivirus software on the computer you manage the site from
  • Remove unused themes in WordPress
  • Remove unused/unnecessary plugins
  • Update every plugin, every theme, EVERYTHING as soon as an update is released
  • Install the AntiVirus plugin and inspect what it flags
  • Reinstall WordPress (this replaces the core files only; clean wp-content separately)
