General WordPress Security Tips

All righty folks. It’s time to get serious for a minute.

You all know WordPress, right? Well, it’s been under pretty continuous attack from script-kiddies and such since it came out.

That said, the last few months have been particularly bad. There are several attacks happening that will absolutely wreck your WordPress site.

I could go into gruesome details on how it infects your site (I’ve been stuck inside of borked websites, including our own, for the past week or so now), but let’s focus on prevention, shall we?

1. Update All The Things. Seriously, just make sure everything is updated. If you update a plugin and it breaks, that’s still easier to deal with than rebuilding your websites from scratch or digging through JavaScript files and individually pulling out broken-up gzdecode patterns–


Update your stuff. It’s the only free way to be sure. The WordPress plugin, Jetpack, has an automatic plugin update feature. USE IT.

2. Create Strong Passwords. They don’t have to be something like HdhSi9(*[email protected] or anything. Just make it something memorable like: wordpress_Is_Killing8Me! Please don’t use your children, pets, or birthdays in your password. I like to do a little trick sometimes where I ask people a couple questions then tell them what’s in their password. People usually change their passwords after that. ;)

3. Sucuri Security (specifically Sucuri Firewall). Sucuri is a great security plugin package for WordPress. I mean, it’s pretty good, but the REALLY good piece is Sucuri Firewall as it proactively blocks hack attempts. It does cost money though, so there’s that.
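For tip #1, here is one way to check a site's plugin update state from the command line. This is an added example, not part of the original post: it assumes WP-CLI is installed and recent enough to report the `auto_update` column, and the function names and sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag plugins that are behind on updates or have
# auto-updates switched off, based on WP-CLI's CSV plugin listing.

# Reads "name,status,update,auto_update" CSV (header row first) on stdin.
# Prints one line per finding: "<plugin> <issue>".
# Inactive plugins are flagged too: their files still sit in the web root.
audit_plugins() {
  awk -F, '
    NR == 1            { next }                         # skip header row
    $3 == "available"  { print $1, "update-pending" }   # newer version exists
    $4 == "off"        { print $1, "auto-update-off" }  # will not self-update
  '
}

# Constructed sample in the shape WP-CLI emits (not from a real site).
sample_csv() {
  cat <<'EOF'
name,status,update,auto_update
jetpack,active,none,on
contact-form,active,available,off
old-gallery,inactive,available,off
akismet,active,none,off
EOF
}

# Audit a real install; $1 is the WordPress directory (assumed path).
run_audit() {
  wp --path="$1" plugin list \
     --fields=name,status,update,auto_update --format=csv | audit_plugins
}

# Usage: script.sh --sample   or   script.sh /path/to/wordpress
if [ "${1:-}" = "--sample" ]; then
  sample_csv | audit_plugins
elif [ -n "${1:-}" ]; then
  run_audit "$1"
fi
```

Anything the audit lists as `auto-update-off` can be switched on with `wp plugin auto-updates enable --all`.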

That’s pretty much all there is to it. #1 & #2 should keep you quite safe, but as you grow #3 would be a good investment.

As usual, feel free to ping us with any questions!

— Mike

