Eight ways to increase security for your WordPress site

In today's open source roundup: Eight things you can do to help protect your WordPress site. Plus: Does using Tails make you a target for spying? And Wireshark 1.12 has been released


WordPress is one of the most popular blogging tools ever created. Thousands and thousands of sites use it every day, which unfortunately makes it a high profile target for the bad guys. eWeek lists eight things you can do to help increase the security of your WordPress site.

According to eWeek:

In multiple incidents in the last year, self-hosted WordPress user sites were attacked and leveraged as a basis for attacks against others. In March, the pingback URL tacking feature in WordPress was abused in a widespread attack. In June, attackers took advantage of flaws in the Timthumb image-processing library plug-in. Here are guidelines to help users limit security risks in WordPress.

Keep server software updated

Enable automatic WordPress updates

Keep plug-ins and themes updated

Use SSL for logging in

Use two-factor authentication

Use WordPress security plugin tools

Use DDos checker

Follow the official WordPress tips about how to harden your WordPress site

More at eWeek

There are some very good tips in this list. I use WordPress for my own blogs so it's given me some food for thought on how I can better protect my own sites. I'll be checking my blogs shortly to make sure that I've set things up appropriately to help keep them as secure as possible.

One tool that I'm currently using that you should consider is WordFence. It's a free plugin that also offers premium security features if you need them. It has a 4.9 out of 5 stars rating on the WordPress plugin site, so it's clear many people (myself included) really like it.

In addition to the security features, it also has the benefit of including a firewall that can be very useful in limiting or restricting access by bots to your site. You can limit them or ban them for a specified period of time. This can be helpful if your WordPress site is targeted by scraper bots as one of mine was at one point.

Does using Tails make you a target for spying?

Computerworld thinks that using Tails might make you a spy target, and speculates on the vulnerability of the Tails web site.

According to Computerworld:

If I ran a spy agency, the users of Tails Linux would be among the people I most wanted to spy on. Simply by using Tails, they have declared to the world that they want to hide something. As a spy, I would try to trick people into downloading a spyware-infested copy of Tails.

A great way to do that, would be to create a scam copy of tails.boum.org. An evil twin, if you will. One of the tools in the catalog is called HAVOK. It is the second item on page 8 of the document. HAVOK does "real time website cloning with on-the-fly alterations."

More at Computerworld
1 2 Page 1