Bill Cooke is a Freelance Web Designer and Graphic Designer based out of Toronto, Canada.
Protecting your WordPress Site from Exploits and Hackers
WordPress itself is fairly secure in its more recent versions, but there are still some ways you can “shore up” your WordPress site a little to help avoid malicious scripts being injected by hackers, the admin being hacked and other bad things that could potentially happen.
Today I am going to mention a few extra steps you can take to secure your WordPress site a little more.
1) Add a directory password to your wp-admin directory
This is one of the best ways to ensure no hackers gain access to the back end of your WordPress site. Yes, it is a bit of a pain for you or your site admins to have to enter the login for both the directory and then the WordPress admin, but this simple step adds an extra layer of security. If your hosting runs cPanel, it’s very easy to do via cPanel:
http://www.siteground.com/tutorials/cpanel/pass_protected_directories.htm
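On hosts without cPanel the same protection can be set up by hand. The script below is an added example, not from the original post: it writes an Apache 2.4 `.htaccess` for wp-admin, refuses a password file that sits inside the web root, and leaves `admin-ajax.php` open because themes and plugins call it for anonymous visitors. The function name, realm text and paths are assumptions.

```shell
#!/bin/sh
# Added example. Create the password file first with Apache's htpasswd tool,
# e.g.  htpasswd -c /home/example/private/.htpasswd someuser   (path assumed).

# protect_wp_admin WP_ROOT HTPASSWD_FILE
protect_wp_admin() {
    wp_root=${1%/}              # drop a trailing slash
    passwd_file=$2
    admin_dir="$wp_root/wp-admin"

    [ -d "$admin_dir" ] || { echo "no wp-admin under $wp_root" >&2; return 1; }

    # AuthUserFile needs an absolute path, and the file must not be
    # reachable over HTTP, so reject anything inside the web root.
    case "$passwd_file" in
        "$wp_root"/*) echo "keep $passwd_file outside $wp_root" >&2; return 2 ;;
        /*) ;;
        *) echo "password file path must be absolute" >&2; return 2 ;;
    esac

    # Keep a copy of any rules that are already in place.
    if [ -f "$admin_dir/.htaccess" ]; then
        cp -p "$admin_dir/.htaccess" "$admin_dir/.htaccess.bak" || return 1
    fi

    cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile "$passwd_file"
Require valid-user

# Front-end features call this file for visitors who are not logged in.
<Files "admin-ajax.php">
    Require all granted
</Files>
EOF
}
```

Call it as `protect_wp_admin /path/to/site /path/outside/webroot/.htpasswd`, then load `/wp-admin/` in a private browser window to confirm the password prompt appears.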
2) Limit Admin Login Attempts
Another step I suggest is to install the Limit Login Attempts plug-in for WordPress. This plug-in sets a limit on the number of login attempts against an admin account, then blocks access for that person for a period of time. This is a great way to stop brute force attacks that try to get access to your WordPress admin.
http://devel.kostdoktorn.se/limit-login-attempts
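To see whether your site is already being hit by the kind of brute force attempts this plug-in blocks, you can count failed logins per address in the web server access log. This is an added example, not part of the original post or the plug-in; it goes a step beyond the tip by checking logs. It assumes the "combined" log format and that a failed WordPress login is a POST to wp-login.php answered with 200 (a successful one is redirected with 302). The log lines are constructed samples.

```shell
#!/bin/sh
# Added example: list clients with many failed WordPress logins.

# count_failed_logins LOGFILE THRESHOLD   (LOGFILE "-" reads standard input)
# Prints "IP COUNT", highest count first, for clients at or above THRESHOLD.
count_failed_logins() {
    awk -v min="$2" '
        # combined format: $1 = client, $6 = "METHOD, $7 = path, $9 = status
        $6 == "\"POST" && $7 ~ /\/wp-login\.php/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }
    ' "$1" | sort -k2,2nr
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2024:10:00:12 +0000] "GET /wp-admin/ HTTP/1.1" 200 5400 "-" "Mozilla/5.0"
EOF
}

# One client failed four times; the other mistyped once and then got in.
sample_access_log | count_failed_logins - 3
```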
3) Use a WordPress scanner and security checking plug-ins
There are several WordPress “exploit” and “security” scanners that can scan your site files for malicious code injected by a hacker, as well as give you reports on your site's security problems and how to fix them.
Secure WordPress: http://bueltge.de/wordpress-login-sicherheit-plugin/652/ is one that I use and find very helpful in securing the site.
- Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
- removes error-information on login-page
- adds index.php plugin-directory (virtual)
- removes the wp-version, except in admin-area
- removes Really Simple Discovery
- removes Windows Live Writer
TimesToCome Security Plugin: http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html – This one helps stop hackers from using injection scripts to hack into your WordPress and put in iframes and other nasties.
Make sure to visit the author's blog to update your list of blocked request types, etc.
4) BACKUP BACKUP and then BACKUP Again!
Make sure to do backups of your site OFTEN (I do mine once a week) so that if disaster does strike, you have a backup you can restore. There are some good plug-ins to do a file and database backup of your site, but personally I prefer to do it manually (using my hosting control panel to create a zip file of the site and downloading it, and using phpMyAdmin to download the database).
So there you go, a few tips to help make sure your site is secure and you can also recover
What Type Of A Website For Your Business?
Depending on what kind of business you run, as well as what type of web site design you wish to have to represent your business online, you will need to plan out the sections needed for your web site design. Depending on the purpose of your company’s web site, you will need to have sections such as biography or company background, portfolio pages, contact pages, company staff or directory pages, services or products pages and more. The sheer number of possibilities for the content of your site can be almost as overwhelming as the design process itself.
When I work with a client to plan or map out their web site design strategy, the first step for me is always a simple one: what is the main goal or purpose of the website? To break that down, it is simply a question of whether the site is meant for providing information to the visitor about the company and its products or services, or whether the web site design will be geared more towards an e-commerce web site design, where the web site will function as an online commerce site to sell products and / or services on the web.
The Informational Web Site
The main goal of an informational web site is basically to act as a digital on-line portfolio for the business. To provide some background information on the company, information on the services or products they sell or provide, and give a means to contact them regarding sales leads and customer support.
An informational web site is usually developed using a CMS (Content Management System) such as Joomla or WordPress, but sometimes the site can be custom coded in Flash, HTML, PHP, ASP or a combination of any of these technologies. Informational web site designs are usually well suited for “trades” type businesses, such as landscapers, business professionals, schools or even clubs, as they generally do not have a tangible product to sell, but rather a service.
A typical informational type web site design may have the following pages and features:
- Home page with a welcome message, brief summary of the services or products or background on the company
- Company Information / About us page that has more details on the history of the company
- Services / Products pages that detail the services or products the company offers its customers or clients
- Portfolio page which has samples of work done for past clients
- Testimonials page which would usually show feedback about the experience past customers had with the business
- Contact Page which allows the visitors / clients / customers to contact the company
The E-Commerce Web Site Design
While the informational web site’s main purpose is to bring in sales leads and inform customers and potential customers about the products and services offered, an E-Commerce web site design’s purpose is to not only provide this information, but also entice the visitor to purchase a product or service, and pay for it online on the web site. Usually e-commerce sites offer tangible goods that are shipped to the customer, but I have had some clients who sell “services” in an e-commerce format as well in the past.
There are many open-source and commercial e-commerce platforms available in the market to choose from; some of the more popular ones are osCommerce, OpenSourceCart, ZenCart and Creloaded. Each has its own benefits and pitfalls, feature sets and scalability. Choosing what package to use is often a tricky balance between cost, scalability and built-in features.
Typically an E-Commerce web site design will have the following pages and basic features:
- Home page which may provide some welcome information, company information and perhaps sale products or featured products for sale
- Company information page with background information on the company
- A products catalog which has categorized products the visitor can browse
- A shopping cart which allows the customer to add items to a virtual “basket” and then “check out” and pay for them
- Other e-commerce related information pages such as terms and conditions, shipping and ordering information / guidelines
So there is the basic breakdown of the two main types of web site designs for a company. Informational sites are meant as a portal to inform and educate the visitor on the company and its services, much like a digital brochure, while an E-Commerce web site design is geared more towards actually selling products online to consumers.
Open Source and Web Site Design
Where the code used to develop your web site comes from is something that should not be overlooked when you are considering having a web site design created for your company, group or organization. Which code your web developer or web design company chooses can actually affect the price you pay for the development of your web site. There are 3 main avenues of code sourcing to consider when planning for your web site design. You can have custom code written for your site, you can go with a 3rd party company’s proprietary code/software, or you can choose to use an open source solution for your web site design and development.
In my personal opinion I think it’s best to always go with an open source solution…

