15 ways to protect WordPress against malware

Posted: June 21, 2012 in Blog Tricks, HTML, Security, Technology, Virus Guard
The popularity of WordPress works against it in some respects. The fact that more and more companies use WordPress for their official websites, e-commerce platforms and corporate blogs makes our dear WordPress a target for attacks by hackers.

And the most common way hackers take control of a website is to introduce malware into its code, so that they can obtain administrative permissions and thereby access all of the site's data for their own uses, usually fraudulent.

I have already spoken on other occasions about some measures to secure WordPress, but today I want to make a basic list, as a reminder, of ways to protect WordPress from malware.

Let's get to it…

1. Change passwords on a regular basis: not just the WordPress ones but also those for FTP, phpMyAdmin access and even access to the control panel of your hosting provider. A plugin can help you force password changes in WordPress; the rest is up to you. Ideally, change your passwords at least every month, and always use good passwords of at least 12 characters, including uppercase, lowercase, numbers and special characters. For the latter I usually use an automatic password generator for Mac, but there are also web utilities for it.

2. Secure the WordPress installation: take advantage of the many good plugins for securing WordPress. There are many good ones, and finding the right combination will make your WordPress more secure.

3. Update everything: do not trust plugins and themes that are not updated or that have gone a long time without a review by their developer. Many plugins and themes use scripts that may be hacked to include malware, so start there. One of the advantages of premium (paid) themes and plugins is that the developer takes on a commitment to update them and look after customers, and so updates the products to keep them safe. Another safe option is to always try plugins and themes from the official repository, since they are also subject to a review process. Of course, never download themes, premium or not, from P2P networks to save a few euros; I assure you that 99% of the time you will find themes and plugins with injected code that will get you into trouble.

4. Back up: always. Do not leave it to chance that one morning you visit your website or blog and discover that you cannot access it or that malware has been injected into it. There are many good plugins to back up WordPress, in addition to the backup utilities of hosting providers. There are also utilities to back up WordPress to Dropbox.

5. Clean the wp_options table: this is one of the most delicate database tables, where the settings and access information of WordPress are stored, so clean this table of everything that tends to accumulate in it. I wrote a guide to keeping the wp_options table clean, so use it regularly.

6. Change the path of the wp-config file and the wp-content folder: for several versions now it has been possible to change the path of the wp-config.php file and the wp-content folder. The wp-config.php file is one of the most dangerous because it contains the access information for your database. The wp-content folder contains plugins, the theme you use and many scripts, as well as cache and configuration files, so it is a good idea to eliminate the obvious paths to avoid prying.

7. Protect the .htaccess file: another vital file in any installation, containing settings and routes of all kinds, and loaded before anything else, is the Apache .htaccess file. So it does no harm to protect it, which is also very easy, as I explained in the article on how to protect the .htaccess file.

8. Use the .htaccess file as extra protection: once you have protected the .htaccess file itself, you can protect WordPress from the .htaccess file with a number of directives that should save you more than one annoyance.

9. Do not give away free information: avoid at all costs "meta" tags and HTML that report the version of WordPress, remove the "readme.html" file, delete the "wp-admin/install.php" file and anything else that provides information about your WordPress installation.

10. Change the WordPress paths: another way to interfere with automated access is to change the usual WordPress paths. It is not the height of security, but once a site is infected it hinders the automated actions of malware scripts, which usually operate on the routes predefined by WordPress.

11. Limit access attempts: another way to thwart malware automation is to limit failed access attempts. There are a few good plugins for this.

12. Change the "salts" in the wp-config.php file: since WordPress 3.0, the "wp-config.php" file includes a number of security "salts" as a measure to protect your WordPress. In the same file you can pick new strings and replace them. Do it from time to time, because doing so logs off any permanent sessions, something that quite a few malware codes rely on.

13. Monitor changes in WordPress files: there are fantastic plugins that monitor changes in the WordPress files that could mean an injection of malware code.

14. Configure security alerts: many web services offer alert systems that warn you if your site is compromised by malware or code injections. Many are quite competent and free, so sign up for one; they will improve your control over the security of WordPress.

15. Create a Google Webmaster Tools account: in addition to notifying you of WordPress updates, Google's webmaster tools will inform you of code injections and how to remove them, and it is also the place to have malicious-site warnings removed, which I hope you will never see on a site of yours after these tips.
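For the tip on changing the salts in wp-config.php, here is an added example (not from the original post or from WordPress itself) that replaces the eight secret constants in a configuration file's text with fresh random values. It assumes each `define()` sits on a single line; the sample input and the function names are constructed for illustration.

```python
import re
import secrets
import string

# The eight secret constants defined in wp-config.php.
SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Printable ASCII without quote and backslash, so a value needs no escaping
# inside a single-quoted PHP string.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   + string.punctuation if c not in "'\\")
DEFINE_RE = re.compile(r"^\s*define\(\s*['\"](%s)['\"]\s*," % "|".join(SALT_NAMES))

def new_salt(length=64):
    """Random value drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Return (new_text, replaced_names); all other lines stay byte-identical."""
    out, replaced = [], []
    for line in config_text.splitlines(keepends=True):
        match = DEFINE_RE.match(line)
        if match:
            name = match.group(1)
            eol = line[len(line.rstrip("\r\n")):]  # keep the original line ending
            out.append("define('%s', '%s');%s" % (name, new_salt(), eol))
            replaced.append(name)
        else:
            out.append(line)
    missing = [n for n in SALT_NAMES if n not in replaced]
    if missing:  # refuse to hand back a config that still holds stale secrets
        raise ValueError("constants not found: " + ", ".join(missing))
    return "".join(out), replaced

# Constructed sample input, not a real configuration file.
SAMPLE = ("<?php\ndefine('DB_NAME', 'blog');\n"
          + "".join("define('%s', 'put your unique phrase here');\n" % n
                    for n in SALT_NAMES)
          + "$table_prefix = 'wp_';\n")

if __name__ == "__main__":
    print(rotate_salts(SAMPLE)[0])
```

Keep a copy of the original file before writing the result back; once the new values are live, every logged-in user has to sign in again.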

And that's it. These are not all the possible tips, but they will be useful for protecting WordPress from malware and other threats.

 
