OPINION – Liquid Web, a $100 million web hosting and cloud services provider, claims that more than 750,000 WordPress websites worldwide are potentially vulnerable. Liquid Web’s CTO, Joe Oesterling, urges WordPress users to help prevent website attacks by addressing five critical areas of security.
Author: Joe Oesterling, CTO of Liquid Web
Mr. Oesterling recommends a few simple steps to help hinder hackers. WordPress users can make sure their websites are safe from vulnerabilities by addressing the following five critical areas of security:
Website Security
“The most important thing you can do to protect your WordPress site is to keep your software up to date. Compatibility concerns often influence administrators to take the wait-and-see approach. Instead of acting quickly, they may keep an eye out for issues flagged before updating an older plugin. In reality, timing is critical and updates should be applied as quickly as possible. By default, WordPress will apply security updates, but plugins and themes need to be updated regularly by the administrator.”
Dashboard Security
“Hackers like to target the path of least resistance, so it’s important to increase security on your login page to repel these automated assaults. By restricting IP access, installing password protection and limiting login attempts, administrators can double the number of credentials needed to login and reduce the number of password guesses, making a would-be attacker’s work more difficult.”
User Security
“Enable two-factor authentication. Most sites already use this, and its widespread adoption rate keeps growing because it works. It requires users to log in with a one-time-use code tied to a personal device in addition to their user name and password. Requiring a minimum password strength and enforcing password expiration for users are common ways to prevent attacks. WordPress admins can enable these additional security measures through plugins.”
Code Security
“Secure your code by putting your site to the test regularly using security plugins and most importantly, employing CAPTCHAs (Completely Automated Public Turing Test to tell Computers and Humans Apart) on every form. While these automated form filters can be annoying, they are effective and can severely limit damage that can be inflicted by site attackers.”
Server Security
“All WordPress files and folders should have proper permissions and ownership; this basic step is often overlooked. Applying these controls can deny attackers the ability to upload malicious files and execute code that can compromise not only your site, but your server as well.”
About Liquid Web and Joe Oesterling
Liquid Web, a $100 million web hosting and cloud services provider that’s part of the Madison Dearborn Partners family of companies. Madison Dearborn Partners is a private equity investment firm based in Chicago. With over 30,000 customers spanning 150 countries, Liquid Web has been recognized among INC Magazine’s 5000 Fastest Growing Companies for the last ten years.
Since June 2015, Joe Oesterling has been Liquid Web’s CTO – overseeing all growth enabling activities while leading Marketing, Products, Engineering, and Development efforts “with an entrepreneurial mindset.”
