WordPress Security

When it comes to anything involving the internet and the web, security should be taken very seriously. Getting it wrong can have many undesired consequences for your company, your clients, and your website, and can potentially lead to a large number of legal issues too. In this chapter I will briefly go over a number of these problems that could impact you.

Without the best security practices for WordPress in place, you run the risk of your website getting hacked. I have seen many situations during my time as a Web Developer and as a Technical Analyst at a Web Hosting company, where websites have been hacked causing a number of problems.

A very common thing you see is that hackers take control of your website and use it to run illegal scams by having their illegal content on the website, and then sending their victims to that web address.

If your website gets hacked, you will be blacklisted from search engines such as Google, and people will get a security warning when visiting the website and will not be able to access it. Your hosting provider may ban your website from their servers too, and you could also run into legal trouble if you do not get the issue resolved.

Recovering from a hacked website can be a long and stressful process. You’ll need to either build your website again from scratch or restore from a backup taken at a time when the hack wasn’t present. You’ll have to go to a number of governing body websites and request that your website be removed from blacklists once the issue is resolved.

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”

The list of potential problems that can occur from getting the security of your website and server wrong is beyond the scope of this book, and the technical aspects of preventing these issues are too long and detailed to get deep into in this chapter. However, I will provide a brief overview of some of the things you can do to keep your website safe.

You need to be making regular backups so you can resolve any issues with your website that might occur, such as it being hacked. You need to have SSL installed, use strong passwords, keep your WordPress website up to date, install a Web Application Firewall, ‘harden’ the website to protect against certain vulnerabilities, and make sure you follow as many best practices as possible.

There are many detailed guides on these topics that you can search for online and research at your own leisure. Cybersecurity is a very deep and complex Computer Science topic, but it is important you get the best practices right when building your website.