Yesterday’s LockDown WordPress: Security Tips from Sucuri was an incredibly eye-opening time with Sucuri CEO and Co-Founder Dre Armeda and his awesome team.
The reasons WHY you need to do this should be pretty obvious (you don’t want people thinking you sell Viagra, do you?). It is, however, important to know HOW hackers manage to attack your site.
Malware (short for “malicious software”) is a major security issues for website owners, with WordPress sites being especially targeted.
According to Dre, Malware is a software designed to disrupt computer operation, gather sensitive information or gain unauthorized access to computer systems. Staggering malware statistics have been reported including “over 2 million new malware strings reported monthly (McAfee)” and “a cost to US consumers over 2.3 billion in 2012 (Consumer Reports).”
According to Dre, there are a number of ways hackers get into your site, including:
- Conditional Redirects
- Pharma Hack (SEO poisoning)
- Make sure you are secure locally – Keep your computer up to date and install an anti-virus solution
- Make sure you are connecting securely – Use an SSL whenever on an unverified connection, consider using sFTP whenever possible
- Check out your hosting company - How many blacklisted sites do they have or are infected with Malware? Cheapest isn’t always best
- UPDATE UPDATE UPDATE - It’s important to have the most recent version not only of WordPress installed, but also of all your plugins
Presentation Slides: http://sucuri.net/WP-End-User-Security.pdf