Breaking News! WordPress-powered websites are being attacked by Unscrupulous Elements! Beware and Take Precautions!
The startling and disturbing news that websites powered by WordPress, the most popular and trusted Content Management System (CMS), are being attacked by unknown parties with ulterior motives has hit the Internet world.
WordPress has long been among the CMSs preferred by web designers, developers and website owners alike, owing to its innumerable features and ease of handling. Website owners worldwide have already downloaded it millions of times from its parent site to build web content and change it as and when needed.
Of late, some unscrupulous elements are reported to be breaching WordPress security by sending in harmful installations that pry into the admin accounts and upset the set-up with dangerous scripts. These scripts disrupt the working of the CMS as a whole, in addition to stealing vital information.
It is reliably learnt from some law enforcement agencies that the attackers have recently targeted U.S. financial institutions. On suspicion of foul play, a detailed investigation was conducted. It revealed that, in a majority of incidents, the attack on the computers originated from the CMSs downloaded and installed, particularly WordPress. On following the thread further, it was also found that the purpose of the attack was to break into the securely guarded administration account and thereby install malicious scripts and access the directories.
This is just the starting point. Reports from various quarters are increasing day by day that the attack has taken on a totally new dimension and a larger scale. As such, the risks involved have become greater, particularly if your website is powered by the WordPress CMS. It is therefore advisable to take all the precautions in good time. Tightening the security of the WordPress CMS is of prime importance, and you should take the steps noted below:
1) Update the security plug-in, and upgrade it if needed, so that the WordPress installation can take care of this on its own. The CMS has built-in security capabilities to tackle malicious attacks.
2) Keep a watch on how current the security plug-in is: even if it does not show as expired, it may be due to expire in a short time.
3) Choose the password for the administration account carefully. Ideally, generate the secret password randomly, so that it is difficult to decipher.
In addition, you can take the extra precautions given below:
- Disable the DROP command for DB_USER. A WordPress set-up in particular has no need for it.
- Keep the information about the version strictly secret. To stop it leaking, it is better to remove from the system, entirely, all README files that were licensed and installed.
- Change the permission of wp-config.php to 400 and move it one level higher in the directory tree; this will also work.
- Limit the number of IPs permitted to access WordPress Administration.
- Some more recommended plug-ins are: wp-security scan; ms-user-management; wordpress-firewall; ultimate-security-scanner; wp-maintenance-mode; wordfence and http://wordpress.org/extend/plugins/better-wp-security/. All of these additional precautions will help greatly.
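The wp-config.php, README and DROP precautions above can be checked from a shell on the server. The script below is an added example, not part of the original article: the function name wp_audit, its finding labels, and the optional file holding saved SHOW GRANTS output for DB_USER are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a WordPress tree
# against the precautions listed above. Names and labels are illustrative.
# Usage: wp_audit /path/to/wordpress [grants.txt]
#   grants.txt (assumed): saved output of SHOW GRANTS for the DB_USER account.
# Prints one finding per line; returns 0 when clean, 1 otherwise.

wp_audit() {
    root=${1%/}
    grants=${2:-}
    out=$(
        # wp-config.php should sit one level above the web root;
        # WordPress looks there when the file is absent from the root.
        if [ -f "$root/wp-config.php" ]; then
            cfg="$root/wp-config.php"
            echo "MOVE: $cfg is inside the web root"
        else
            cfg="$root/../wp-config.php"
        fi

        # The mode must be exactly 400 (read-only for the owner).
        if [ ! -f "$cfg" ]; then
            echo "MISSING: no wp-config.php in $root or its parent"
        elif [ -z "$(find "$cfg" -prune -perm 400 -print)" ]; then
            echo "PERM: $cfg is not mode 400"
        fi

        # README files in core, themes and plug-ins reveal version details.
        find "$root" -type f -iname 'readme*' | sed 's/^/README: /'

        # DB_USER should not hold DROP, directly or via ALL PRIVILEGES.
        if [ -n "$grants" ] &&
           grep -Eiq '^GRANT (.*[ ,])?(ALL PRIVILEGES|DROP)[ ,].*ON ' "$grants"
        then
            echo "DROP: DB_USER can still drop tables"
        fi
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run directly when called with arguments.
if [ "$#" -gt 0 ]; then wp_audit "$@"; fi
```

The IP restriction on WordPress Administration is enforced by the web server or firewall, so it is outside what this file-level check can see.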
Over and above the preventive methods described above, you can try installing Cloudflare for the security of cPanel accounts, which can ably prevent such attacks and eliminate distortion in functionality.
The above tips, if scrupulously followed, will work towards the complete safety of the WordPress CMS on your website, and you can feel relaxed that the security risks are minimized. All the best!