In current online scenario WordPress websites are very much vulnerable to attacks if they are not maintained properly and security aspects are not understood and tackle properly. It sounds utter stupid to sit and wait for an attack and think of solutions after that. It is always better to prepare for worse. So you need to understand the vulnerable security aspects on your WordPress website and plug the security gaps before someone else finds it.
Here we will discuss about the most important security issues and will see to the solutions to plug those gaps
1.Security to User Accounts –
- Check if there is any account with default admin username ‘admin’. It makes your site vulnerable to attack as attackers know the username already and only have to guess the password now.
- Should keep a tool to check the passwords strength and mustn’t allow any account to be created with weak password.
- User enumeration ( What is it ? ) should be stopped so the bots cannot find out user info via author permalink.
2. Security of User Registration Process –
- If your website allows users to create their accounts on your website, you should keep some manual approval process for new account.
- Use of Captcha and honeypot will also help to keep check on spam and bogus user registrations.
3. Security of User Login Process –
- First of all the login process should be protected from the brute force attack ( What is it ? ). There has to be a system in place with should lock the users with a certain IP address or a range of IP addresses for a specific time period.
- All users should be forced logout after a specific time period and should be asked to login again.
- Add captcha to login and forgot password field.
- You should keep a tool where you can keep track of user activities and should be able to block user IP with suspicious activities.