Severally elapses blog my friend strikes hack, maybe this article benefit blogger who utilizes wordpress to increase security. This article I take from moses writing at wpthemesplugin.com hopefully utilitarian. follow the simple WordPress security tips in this article to keep your blog safe.
1. Update to get the current version that’s secure
No software is free from bugs and security holes. Make sure that you are running the latest secure version. For WordPress - as of this writing - that means versions 2.3.3.
Since WordPress gives plugins and themes full access to your blog, you also need to keep your plugins up-to-date. With the latest 2.3 series of WordPress you are notified in the admin screen when the plugins that you have installed are released in new versions.
2. Disable and remove themes and plugins that you are not using
If you are like the majority of bloggers, you have tried several different themes for your blog. More than likely, you now have a few different unused plugins that are installed.
Every single piece of unwanted software may provide a new vulnerability. Since no one is using them, why waste the energy to take these packages to the latest version? Get rid of the software, eliminate all associated files and be done with the trouble.
The last step of actually removing the files from the server is very important. Almost all themes and plugins are installed in well known directory locations. An attacker can use that well known URL to exploit a vulnerability even if you’re not using that theme/plugin.
3. Only download and install trusted code
Just like you shouldn’t click on email attachments coming from people you don’t trust, you shouldn’t install software on your blog from untrusted sources. Only download code from the authors’ web site.
Since WordPress and most themes and plugins are released as open source, anyone can modify the code with malicious intent and put up the badware for download to unsuspecting web surfers.
There is a penalty for being an early adopter! Allow other people to work through the holes and security issues before you attempt to use the package.
4. Watch out for JavaScript includes
Web analysis services and ad networks require the addition of JavaScript to blog pages. JavaScript code is allowed to do almost anything with your web page without your permission. In Essence, you are trusting the security of your website to this unknown, third-party service
I would be unwilling to have JavaScript put on my web site by an entity I was not familiar with. I would be more receptive to legitimate, well-known ad network and web analytic providers such as Google AdSense and Google Analytics.
Ad networks also pose another problem if you don’t have control over who is allowed to advertise on your network. Google applies the guilt by association principle: If you are advertising for a site that has badware on it, your site may be blacklisted too.
Subscribe to:
Post Comments (Atom)
0 Comments
Post a Comment