For those of you that own or manage a WordPress blog or website, you are all too familiar with that red alert that comes across when your site has been infected with malware. It was just this past December, 2014 that a virus called ‘SoakSoak’ infected 100,000 WordPress sites alone. This is an ongoing threat and you must take the following steps to keep your WordPress site safe.
1. Your hosting account
Make certain that you are hosted on a WordPress supportive platform. There are many hosting companies such as GoDaddy, BlueHost and WP that offer WordPress specific platforms that have malware scanners built-in. They also do not allow many of the plugins that are often compromised and not kept up to date. Many people opt for the cheapest hosting account they can find and many times, it ends up costing them more money in the end to have to hire us to get rid of malware infections that take their website down. Not to mention the slow speed that goes along with a cheap, inefficient hosting account.
2. Security Plugins
There are many plugins we recommend and one of them is now installed by default on the better WP enhanced hosting accounts. The main plugin is called Limit Login Attempts. This plugin does not allow the malware bots to continuously try and login to infect your site. Another favorite is WordFence Security. This will scan your site and email you if any suspicious activity has taken place.
3. Software Updates
This is where it can get tricky. Keeping your WordPress version, and all related plugins and themes updated is one of the best defenses against a malware attack. Each version of software that comes out addresses not only enhancements and features, but more importantly, security updates. But the tricky part is that if you have a highly customized WordPress theme, it may break part or all of the theme functions when the core WordPress software and/or plugins are updated. So if you are using a highly customized or custom theme, contact your developer when doing major updates to make sure the theme files are also updated so nothing breaks.
This all sounds like too much trouble. Why use WordPress?
Because it’s the best blogging and content management system out there. Sure, you can use a custom content management system and avoid some malware attacks. But try updating your custom software when you can no longer find the person who developed it. WordPress is updated for free. It’s open source which means that any of the hundreds and thousands of programmers out there who know WordPress can work on it. So it’s more flexible than any other content management software around.
If you don’t want to try this at home, hire us to do our WordPress software, plugins and theme update for you!