For the past few months web servers and WordPress websites have experienced an increase of brute force attacks. For web servers under attack this can mean taking many steps to block and prevent the attacks. For WordPress websites it stresses the importance of keeping your WordPress core and plugins up to date, as well as, using the right plugins and tools to keep your website secure.
Keep Your WordPress Core Updated
If your website is built using WordPress then you should be aware of the continual updates for it. These updates fix security flaws and other bugs in the WordPress core. See release notes for WordPress 4.7.3 as an example that fixes several cross-site scripting vulnerabilities and provides many maintenance updates.
Keep Your Plugins Updated
Much like the WordPress core, widely used and popular plugins are updated by their developers. Of course these updates usually revolve around the plugins functionality and user-friendliness. But they are also updated to remain compatible with WordPress and to avoid and security vulnerabilities. Outdated plugins can be used as a gateway for malware to corrupt your website files.
Use the Right Tools
When it comes to the security of your WordPress website there are a few plugins and tools that are really helpful to scan your website, remove malware, fix corrupted files and prevent attacks.
One plugin we use on every website we build or manage is Wordfence. Wordfence is a security plugin that offers a lot of features for free with a few extra features offered for a subscription. Our favourite feature of the plugin is the malware scanner that can be used to find malware infections or other vulnerabilities in your website. As was stated above, this is a plugin that should always be kept up to date in order to keep your website’s security up to date.
Google’s reCAPTCHA system is a great tool to prevent spam users, comments and form submissions. Recently we were approached by a company to fix a spam problem on their website’s forums. After removing the spam users and comments we added Google reCAPTCHA to all forms to prevent further attacks. A few developers have created plugins for WordPress that add Google reCAPTCHA to the WordPress login, registration, comments forms and more. Truly a great addition to every website.