Recent revelations have disclosed that, with WordPress reaching record
numbers in popularity, the threat from hackers and those who have nothing
better to do than infringe and impose on the hard work of others has
increased. Greetings from Allan at MindVisionmedia.net and I hope this
post finds you all well!
Over 75 million websites now use WordPress. That’s pretty impressive
for an open-source development project that started out as a tool for
bloggers!
According to a recent article by Imperva, WordPress sites are attacked
almost 25% more than any other CMS. Why is that, you may be asking? Part
of the reason is that it is a free tool accessible not just to Fortune 500
companies and high-level entertainers, but also to the everyday Joe and
Jane who know nothing about websites and may not be Internet savvy
enough to know the dangers of starting a website or blog.
Of course it’s safe for the most part, but there are hidden dangers
lurking just behind all those cute little pictures, graphics and stories
on your website or blog.
Anybody can copy and paste some images or install a plugin to put up a
website. But far too many users don’t research or know what the risks
are once they open up their lives and the lives of their visitors and
users to the world. Self-proclaimed webmasters often think they have
it all down pat, that they don’t need to know anything other than copy
and paste, and that they don’t need advice or skills beyond that, but
many have learned the hard way and continue to do so.
According to research, alerts and articles from companies like
Imperva and Wordfence, attacks are on the rise partly because of the
relaxed, comfort mentality many feel once they set up a website. I am
here to tell you there’s more to a WordPress website than having a
pretty site with bells and whistles. Not only do you need to know about
other skills like HTML, CSS and PHP as well as server-side functions and
settings, but having a broad knowledge of security is a must in today’s
Internet-driven society.
Otherwise it’s not a matter of if, but when you will be compromised.
WordPress experiences 60% more XSS incidents. XSS is a type of security
vulnerability that allows attackers to inject external client-side
code into a website. 48% of all attacks are against retail-type
applications. Blogs with many users and login functionality suffer
almost 60% of these attacks, and more than 60% suffer an SQL attack.
Comment spam remains a major thorn in many a side too these days, and it
can be a nightmare to get rid of if it infects your database and user
tables.
What can you do? For one, I used to create passwords that I could
remember, but now with so many accounts for this and that, it has become
almost impossible for me to remember all of them. Now with experience
in matters of site security and helping others with the same, I create
passwords that are impossible for me to remember let alone a hacker to
figure out, called “strong passwords”.
This helps a great deal but it doesn’t stop there. Changing that
strong password periodically helps as well as having good reputable
security plugins and themes installed. Old themes and plugins leave
cracks in your security so always update right away if the update won’t
break your site or have major conflicts with the normal function of your
site that is. If so, search for an alternative but know that
occasionally it may be best to eliminate that conflicting plugin
altogether.
Always research the update to know beforehand if a conflict is
expected. Check the log files and changelog of that plugin or theme to
see exactly what they changed. In some cases, as with the popular
Responsive Theme in recent updates, an update can break your site and
cause all types of problems. Also, install an SSL certificate if you do a
lot of e-commerce or user registration. This will help protect valuable
personal information for you, your customers and your registered users.
Your web host should be reliable and accessible 24/7 to address
issues with security and also provide updates and notices about current
threats. They should provide you with information about their efforts to
fight such threats openly and in a timely manner. After all, one site
can infect an entire server so it is in their best interest to educate
and work with their clients to ensure everyone is protected.
And don’t forget, keeping your personal computer safe is part of
maintaining a website too, an often overlooked aspect of site security.
If your computer is infected and you are uploading files to and from
your site, guess what: you’re spreading the infection! Other than that,
always keep a recent backup of your site and database in case of the
worst scenario.
By
Allan Whitney
Owner/Administrator
MindVisionMedia.net
WordPress has established itself as the most popular CMS available today!
Used by Fortune 500 companies, celebrities, municipalities, major news
organizations and the little guy or gal, it offers robust features,
versatility and social media integration. But it has its
vulnerabilities also, and one must be diligent to prevent WordPress from
becoming a hacker's dream.
When it comes to comments, unless you are running a blog and are willing
to moderate and manage the numerous comments and maintain a good level of
security against comment spam, you'll want to disable comments on your
pages and posts. This is accomplished easily by going to the Discussion
settings under Settings in the Dashboard and de-selecting the first 3
check boxes. Typically this works pretty well, but you may not be done!
If you do this after the fact, there could be pages and posts in your
site or blog that have already been created with comments enabled.
This setting, located in each individual page or post as you create it,
overrides the settings under the Discussion menu. To see this option as
you create a new page or post, click on the Screen Options tab at the top
of the page or post editor and check the box for "Discussion". This will
show options at the bottom of your posts to either allow comments or not.
You can now make sure that comments are turned off for that particular post.
There is a quick way to do this, especially if you have a lot of pages.
Click on "Pages" in your Dashboard. This will bring up a list of all of
your pages (the same applies to posts). Click the top check box above the
list next to the word Title to select all, click the Bulk Actions box
and choose Edit from the drop-down, then click Apply.
A new window will open allowing you to set options for the entire page
list you selected at once. Disable comments, and trackbacks and pingbacks
if desired, and save your settings. You just disabled comments on all
pages you selected with one click.
Go to the next page, select all again and do the same thing until you
have disabled all comments on all pages and posts in your list. Now you
have absolutely turned off comments and no individual page will override
the main settings.
Looking good so far, but wait, there's more! Few people know or notice
that WordPress, by default, enables comments on all of the media files
you upload to WordPress. That's right, after all we've done so far to
disable them, there is still a "Back Door" vulnerability in WordPress to
receive comments.
Unfortunately, there is no bulk actions option when dealing with media files.
Why they didn't put this ability or option in the newest version I'll
never know. But you will have to manually edit each media file to turn
off comments. A tedious task if you have a lot of images. I recently
discovered this back door vulnerability and experienced some comment
spam on my site.
Now I have truly disabled ALL comments on my site for
pages, posts and media files and the comments have finally stopped. Of
course there are some plugins out there to help but I wanted to make
sure they were all turned off myself.
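The media-file gap described above can be audited and closed in the database instead of editing each attachment by hand. This is an added example, not part of the original post; it assumes MySQL/MariaDB, InnoDB tables, the default `wp_` table prefix (check `$table_prefix` in wp-config.php) and a fresh database backup.

```sql
-- Added example. Table prefix "wp_" is an assumption; adjust to your install.

-- 1. Audit: which content types still accept comments or pingbacks?
SELECT post_type,
       SUM(comment_status = 'open') AS comments_open,
       SUM(ping_status = 'open')    AS pings_open,
       COUNT(*)                     AS total
FROM wp_posts
WHERE post_type IN ('post', 'page', 'attachment')
  AND post_status NOT IN ('auto-draft', 'trash')
GROUP BY post_type
ORDER BY comments_open DESC;

-- 2. Evidence of abuse: comments already received on media attachments,
--    grouped by moderation state ('0' pending, '1' approved, 'spam', 'trash').
SELECT c.comment_approved, COUNT(*) AS comments
FROM wp_comments AS c
JOIN wp_posts    AS p ON p.ID = c.comment_post_ID
WHERE p.post_type = 'attachment'
GROUP BY c.comment_approved;

-- 3. List the media items that the dashboard offers no bulk action for.
SELECT ID, post_title, post_date
FROM wp_posts
WHERE post_type = 'attachment'
  AND (comment_status = 'open' OR ping_status = 'open')
ORDER BY post_date DESC;

-- 4. Close comments and pings on every attachment in one statement.
--    The transaction only protects you on InnoDB; MyISAM cannot roll back.
START TRANSACTION;
UPDATE wp_posts
SET comment_status = 'closed',
    ping_status    = 'closed'
WHERE post_type = 'attachment'
  AND (comment_status <> 'closed' OR ping_status <> 'closed');
SELECT ROW_COUNT() AS attachments_changed;  -- compare with the list from step 3
COMMIT;  -- or ROLLBACK; if the count is not what you expected

-- 5. Verify: this should return 0.
SELECT COUNT(*) AS still_open
FROM wp_posts
WHERE post_type = 'attachment'
  AND (comment_status = 'open' OR ping_status = 'open');
```

Direct database changes bypass WordPress's object cache, so flush any persistent cache afterwards. New uploads still take the site default from the Discussion settings, so re-run the audit in step 1 periodically.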
Be aware that when you
create a new page (or post) or add new media files, you'll have to
double check to make sure there are no options set to allow comments. There are ways to edit the core files and turn them off from the core,
but that is an extreme measure if you are not sure you won't want
comments at a future date. I didn't have to go that route and I am
happy with the results from doing it the way I described above.
WordPress will never be free of hackers, spammers and the like,
so again, if you don't want to deal with comments because you are just
too busy (like me) or you are not running a blog or discussion site, use
the methods described to put a stop to it, once and for all, but with
the option of turning them back on if you desire later on.
By
Allan Whitney
Owner/Administrator
MindVisionMedia.net