Monday, 11 June 2012

Secure WordPress: Prevent Spam And Malware

Websites can become infected or compromised the same way a personal computer can, and neglecting to protect your WordPress installation from security exploits and malware can be catastrophic for your business. Not only can your sensitive data be accessed, but Google can detect if your website is infected and will de-rank it to avoid spreading viruses to consumers.

Keeping WordPress Secure and Malware-free

Preventative measures
Before worrying about securing WordPress, the first step is to take care of the computer you use to administer the site and access your FTP. In fact, any computer that has access to your website or FTP needs to be completely clean and malware-free at all times: install a reliable anti-virus monitor and perform scans regularly. Use a different computer for downloads, especially from unidentified sources. Also remember to keep your computer and your applications up to date.

Be picky about plugins
Plugins are at the heart of WordPress functionality and many webmasters rely on them for major portions of their sites, but shoddy coding can open up exploitable vulnerabilities. When installing plugins, verify the identity of the developer and don't install anything with poor reviews and compatibility issues. Plugins that haven't been updated in a long time can also be unsafe. Try to use plugins developed by trustworthy teams and agencies with a credible brand.

Use a trusted theme
Messy code in a theme can be just as dangerous as anywhere else, so be sure to use a theme created by a professional designer. You can use a plugin called Theme Authenticity Checker to look for vulnerabilities or fishy elements. If you hire a contractor to create a unique theme for you, run through the code yourself if you are familiar with HTML, CSS, and PHP.
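As a starting point for running through theme code yourself, the following added example (not part of the original post, and not how Theme Authenticity Checker itself works) flags PHP lines that deserve a manual look. The rule names, the patterns and the two-file sample theme are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructs that deserve a manual look in theme PHP (heuristics chosen for
# this example; a hit is a prompt to read the code, not proof of malware).
PATTERNS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "decode-call": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "dynamic-include": re.compile(
        r"\b(include|require)(_once)?\b[^;]*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long-encoded-string": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "hidden-link": re.compile(r"display\s*:\s*none[^>]*>\s*<a\s+href", re.I),
}

def scan_theme(theme_dir):
    """Return (relative_path, line_no, rule) findings for PHP files under theme_dir."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(root.rglob("*.php")):
        # errors="replace" keeps the scan going on files with odd encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((path.relative_to(root).as_posix(), line_no, rule))
    return findings

def build_sample_theme(root):
    """Write a constructed two-file theme used only to demonstrate the scan."""
    root = Path(root)
    (root / "index.php").write_text(
        "<?php get_header(); ?>\n<h1><?php the_title(); ?></h1>\n")
    (root / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        "<?php eval(base64_decode($footer_blob)); ?>\n"
        '<div style="display:none"><a href="http://example.invalid/">x</a></div>\n')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, line_no, rule in scan_theme(build_sample_theme(tmp)):
            print(f"{rel}:{line_no}: {rule}")
```

Point `scan_theme` at a theme folder under `wp-content/themes/` and read every flagged line in context; legitimate themes occasionally use these functions too.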

Enable a security solution
While it is possible to manually secure your website by fiddling with settings and editing configuration files (specifically .htaccess), it's much easier for most users to simply use a plugin or software solution to secure WordPress. BulletProof Security is probably the most complete plugin available for free; it protects your site against unauthorized access, SQL injections, and many other vulnerabilities. Better WP Security is also a good choice: it can keep sensitive data totally hidden and even encrypted or password protected.
It's also a good idea to scan your site for malware using either an external tool or a plugin like Sucuri Sitecheck Malware Scanner.

Defending WordPress from spam
The most common type of spam you'll deal with using WordPress is almost always in the comments, so using a tool like Akismet to filter comment spam is necessary. Requiring approval for comments is also recommended if you have the time for it or if you can assign an assistant to it.

You may also receive spam on your website forms, including ones for contacting you via email or signing up for accounts. To combat this, just require that users fill out a CAPTCHA field when submitting forms.

Update, Update, Update
Keep track of new versions of WordPress (they make it very easy for you) and update your installation as soon as you see a security release. Old versions of WordPress are often targeted by hackers and spammers.


Author: This guest post was written by Vadim Kirichenko from Wisdek. Vadim has been using WordPress from its initial days and has faced his share of malware and hacking issues with the platform. He has been able to keep his blog secure for the last couple of years by using the right plug-ins and by ensuring that the latest version is used.