Business Information Security – Cybersecurity Services

8 Security measures that you should take immediately in your WordPress

Rosalía Domínguez Díaz  // 04 October  2018

When we talk about the content manager, the first one we think about is WordPress. This platform is among one of the most used worldwide. It is estimated that 30% of the total web pages of the world are created with WordPress.

The fame of WordPress has generated that the majority of the hackers take advantage of the carelessness of the administrators to achieve attacking the platform. From the WordPress community they offer periodic reports with software vulnerabilities. These problems are usually solved by WordPress itself but it is also worth mentioning the possible security problems that may arise from the simple use of the platform.

From R3 CyberSecurity we give you the following tips to keep your WorPress account secure:

1. Do not use the user admin

If you are one of those that has the administrator user name (By default it was configured like this when creating our WordPress) we advise you to change it quickly.

Before an attack, the account that is in the crosshairs is that of the administrator, and for someone who has handled WordPress, their first attempt will be directed to the user admin or root.

2. Use more robust and less predictable passwords

Use complex passwords, with at least 10 characters and combining uppercase, lowercase, numbers and symbols ($, &, € …). The longer and complex the password, the more difficult it will be for any person, computer or program to obtain it.

In addition, it is recommended that you change it periodically. Plugins like “Expire User Passwords” it forces all the users of our WordPress to change the password every 30 days.

You can follow all the tips of our CISO, Javier Calatrava

3. Change the WP_prefix of your WordPress tables

Do not forget to change the default table prefixes of the WordPress installation, as the prefix wp_ will be the first one that the hackers scripts try to try to access your website or blog.

It is not a complicated process, you can do it with plugins like iThemes Security

4. Keep the updates tab always to up date

The non-updated versions are usually the most attacked. When the developer of a plugin or a template launches an update, in addition to aesthetic improvements usually incorporate corrections in security problems.

WordPress has an automatic update system, but you should still regularly check the updates tab since the heavier changes sometimes require a click on our part. Pay special attention if you have security plugins and if you do not have them we recommend a few:

– Better WP Security


– Login Lockdown

– BulletProof Security

Escape plugins that have not been updated for a long time or that no longer have new updates. Also, delete the plugins and topics that you do not use.

5. Install only plugins and themes from trusted sites

There are portals that offer themes and plugins for free, do not be tempted because in many cases these sites incorporate their own code downloads, which are malicious and become security holes.

6. Protect your comments

From the adjustments / comments tab, select the option to pre-approve each comment, in this way you will avoid spam and the proliferation of malicious code in the comments.

Remember that you can also add rules that automatically mark as spam certain words that are commonly used in “dangerous” comments.

7. Use secure folder and file permissions

By default, WordPress assigns read and write permissions to files and folders, which can sometimes be modified automatically by some plugins or by uploading documents yourself.

– Files: 644

– Folders: 755

If they have more permissions it could become a source of vulnerabilities.

To change it, you only have to access the Panel file manager

8. Backup

Do not forget to make periodic backups, they can save your life. There are plugins like BackWPup that will help you automate this step, with options such as saved in the cloud, Dropbox, Google drive …

Rosalía Domínguez Díaz  | Human Resources Consultant in R3 CyberSecurity

Comparte el post con tus amigos




Conoce todas las oportunidades profesionales que te permitirán alcanzar tus metas personales.

R3 Ciberseguridad

© R3 CyberSecurity