
WordPress Security 101 – Securing Your Plugins, Themes, and Services


Continued from part 3 of our 5 part WordPress security series.

For web scribblers who use WordPress, security should always come first, since news of exploited vulnerabilities crops up with intensifying frequency. WordPress powers 74.7 million websites and is officially the world’s most popular – and most targeted – content management system. So, the high ROI of a single WordPress exploit drives hordes of script kiddies to target the platform.

If it isn’t a WordPress vulnerability that sends shock waves through the community, it’s the plugins’ security holes. So WordPress security experts urge all bloggers to install updates to their plugins as soon as they are released.

With that in mind, let’s see how you can protect your blog against vulnerabilities in third-party plugins and services.

Validating Plugins

WordPress plugins are thoroughly vetted for malware before they make it to the repository. But plugins aren’t perfect – security weaknesses can be found in any utility. Treating plugin updates as a low-priority routine is a big mistake since a single unpatched hole can lead to your entire blog getting hijacked.

Things to consider before installing any third-party plugin:

  • Availability of credible user reviews and high rating.
  • Avoid new plugins, as well as those with few installs.
  • Study plugin documentation – is it thorough, detailed, and polished?
  • Opt for plugins from developers with a positive track record of releasing solid work.

Steering Clear of Malvertising

Many blogs monetize their traffic through third-party ads. Unfortunately, some ad services spread malicious code. If your readers find out your blog spreads malware, it’s not your ad service they’re going to blame, but you. And few things are worse than getting caught spreading malware. You can lose your readers and get punished by Google big time. So you need to make sure your ads aren’t malvertising on your behalf.

Here is how:

  • Use only established ad services like Google AdSense or Bing Ads.
  • Install an internal security monitoring solution (e.g., Sucuri, Wordfence). That way, even if a popular ad network is infested through an unknown vulnerability, your monitoring solution would identify the malicious code faster than your ad provider.
  • Stay on top of the security news and updates.
  • Be vigilant – if you suspect something is off, deal with it ASAP even if it means taking down your ads until the issue is solved. You may lose a few dollars, but if your ads are spreading malware, you will lose your traffic and reputation.

Potentially Harmful Utilities

Just as you should only install mobile apps and Steam games from legitimate repositories, you want to stick to the official WordPress repository for your plugins and themes.

The Internet abounds in lucrative offers of popular “premium plugins for free,” but the websites giving away such freebies are major malware distributors. These premium plugins were hacked; malicious code was injected. Whenever you get a premium plugin for free, you voluntarily infect your blog with a virus that’s going to hit you or your users.

So, do yourself a favor and only download plugins and themes from the official WordPress library, and steer clear of offers that sound too good to be true.

Less Is Better

When it comes to plugins, less is better. But many bloggers – especially novices – rush to beef up their sites with a gazillion plugins with fantastic functionality.

The accessibility of plugins almost makes it seem irrational to stick to the necessary minimum only. And yet, you should hold your horses.

A multitude of plugins isn’t conducive to security, nor is it necessary for the smooth operation of your blog. The more plugins you install, the more they chip away at your site’s performance and responsiveness. From the security perspective, each plugin is a security risk with holes yet to be uncovered and patched.

Finally, an excess of plugins turns blog maintenance into an update overload, and you might skip installing important patches.

Maintenance Tips

Now that you’ve configured your blog properly and installed your utilities, you need to account for maintenance. Things get broken, outdated, or compromised. So you can’t neglect or underestimate the importance of thorough maintenance and monitoring of your WordPress blog.

  • Uninstall Outdated Plugins

Outdated plugins and WordPress installations contain known vulnerabilities that are patched in the newer versions.

If your plugins don’t get frequent updates or aren’t tested with the current WordPress version, it is always a bad sign. Uninstall them and replace them with up-to-date plugins with similar functionality. There’s an ample selection of plugins in the WordPress repository.

  • Keep It Clean

As your blog grows some muscle, you will add and remove content, plugins, themes, and whatnot. Keeping things tidy – and secure – is a matter of deleting everything you no longer use.

Inactive themes and plugins not only take up space and consume resources but also represent a security risk. Even if you deactivate a plugin, it’s still on your server and hackers can run a script to exploit its vulnerabilities. Instead, delete unneeded plugins completely.
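
The two maintenance checks above can be run as a routine audit. This is an added example, not part of the original article; it assumes WP-CLI is installed on the server, and the function names and sample plugin names are constructed for illustration.

```shell
#!/bin/sh
# Flag plugins that should be updated or deleted.
# Real usage on a server with WP-CLI (assumption: run from the site root):
#   wp plugin list --fields=name,status,update,version --format=csv | audit_plugins
# Output: one "ACTION<TAB>plugin<TAB>reason" line per finding.
audit_plugins() {
    awk -F',' '
        NR == 1 { next }    # skip the CSV header row
        # Must-use plugins and drop-ins are not handled through the
        # normal install/update/delete workflow, so leave them out.
        $2 == "must-use" || $2 == "dropin" { next }
        # A pending update means known fixes are not applied yet.
        $3 == "available" {
            printf "UPDATE\t%s\tinstalled %s, newer release exists\n", $1, $4
        }
        # Deactivated code is still on disk and still reachable.
        $2 == "inactive" {
            printf "DELETE\t%s\tinactive but still on the server\n", $1
        }
    '
}

# Constructed sample in the CSV layout WP-CLI prints (not real plugins).
sample_plugin_csv() {
cat <<'EOF'
name,status,update,version
contact-form-example,active,available,4.1.0
old-slider-example,inactive,available,1.2.3
seo-helper-example,active,none,7.0.1
unused-gallery-example,inactive,none,2.0.0
EOF
}

# count_findings ACTION: number of findings of that kind in the sample.
count_findings() {
    sample_plugin_csv | audit_plugins |
        awk -F'\t' -v a="$1" '$1 == a { n++ } END { print n + 0 }'
}

# Demo run on the constructed sample.
sample_plugin_csv | audit_plugins
```

A plugin that is both inactive and outdated appears twice; deleting it with `wp plugin delete <name>` clears both findings.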

Wrapping Up

WordPress security is not rocket science but a matter of not ignoring what every single security expert is saying – update! Even Equifax owes its hack to an unpatched vulnerability. So, be vigilant and don’t let small things escape you!

The following tips are from part of a 5 part series by WordPress security expert Alex Grant.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.
