Website Security and WordPress Attacks

Many of us at ProfHacker rely on WordPress. I use it for everything from managing my academic web presence to hosting online course materials and communities. This means I have a lot of out-of-date sites that serve their purpose for one semester and live on only as archives. Ever since WordPress 3.6 came out (ok, and for a year before that) I’ve been planning on taking a day to update all these installations and manage my server. Last week, I opened my email to find a message from my hosting provider entitled “WordPress Attack.” I checked my website and realized the scripts had been shut down entirely. Thankfully, it was before the semester started.

Amy’s written in the past about securing your online life, which can be quite involved for people like me who live “in the cloud.” Here are a few tips for securing your website:

  • Manage your passwords. Faced with the task of updating several years’ worth of outdated sites, I realized I’ve been changing passwords regularly and jotting them down on post-its and scrap paper. As I sorted out all my security, I noted each new password in a dedicated notebook to keep everything in one place. For the more ambitious, Amy has advice on using password managers.
  • Update regularly. Just like your home operating system, WordPress and other content management systems are regularly updated with new features–and new security fixes. Setting a regular interval to run updates on all your sites can save you a lot of repair work later.
  • Add security. The attack that shut my site down wasn’t very sophisticated: it was a brute force attack, going after the log-in page over and over again. Using a plug-in to limit log-in attempts can help. There are also more targeted solutions, such as BruteProtect.
  • Keep backups. WordPress has a great internal export tool for keeping your material, which is particularly important for anything you want to preserve long-term–like a course that you might teach again or a part of your tenure dossier. Consider automating it with a plug-in like BackUpWordPress.

What tools and steps do you take to secure your online materials? Share your tips in the comments!

[CC BY 2.0 Photo by Flickr User Youngthousands]
