With GDPR now only a month away, businesses across Europe are gearing up for what will potentially be one of the biggest shifts in data privacy laws since the 2003 CAN-SPAM Act.
Securing your WordPress website:
There are more than 100,000 known vulnerabilities that can be exploited by hackers to extract customer data, plant crypto-mining software, or even setup hidden form fields to steal credit card information users have saved in their browsers.
Brute force attacks:
- Brute force attacks are a method used by hackers to obtain login information to websites, such as usernames, passwords and PINs. Typically conducted using Automated Software, a brute force attack generates a high volume of consecutive guesses to both the login and password field.
- While having a strong password is always encouraged, it alone may not be enough to prevent a brute force attack. There are some things that you can do, however, to minimize your risk.
Customize login page URLs:
Generally, the login page URL for a Wordpress website is /wp-login.php or /wp-admin/, and an automated piece of software can guess this. By renaming the URL to something more unique, automated software may not be able to find the page to begin the attack in the first place.
Use SSL to encrypt data in transit:
While SSL and TLS don’t wholly secure a website, they do secure user data as it travels between the user’s browser and the website server.
Again, this can be installed with relative ease through Cloudflare’s WordPress integration and its SSL offering.
Google also sees HTTPS as a basic security step that websites must take in order to protect users, and in the Chrome 70 browser websites not on HTTPS will be flagged as not secure by standard.
Securing your database
- No matter how secure a website is, keeping and maintaining regular database back-ups is an essential best practice that should be part of any webmaster’s processes.
- There are a number of free and premium solutions ranging from VaultPress, BlogVault, and Backup Buddy, all of which are viable options, and the chosen solution should be adequate to the business needs.
Regular housekeeping and updates
Themes and plugins are the backbone of any WordPress website, but they can easily become security threats if they’re not updated and maintained regularly.
Not updating your themes and plugins can mean serious trouble. Many hackers rely on the mere fact that people can’t be bothered to update their plugins and themes. More often than not, those hackers exploit bugs that have already been fixed.
Source: www.iThink.co
