Recently online forums
have been flooded with
tales of WordPress blogs
being hacked and then
banned by Google for
spreading badware. To
avoid these nightmares,
follow the simple
WordPress security tips in
this article to keep your
blog safe.
Update to get the current
version that's secure
The latest WordPress
version, 2.3.3, is the most
secure and effective version
you can get right now. All
software contains bugs and
security vulnerabilities.
Having the latest version of
a product reduces
potential issues.
Other things to watch are
plugins and themes as they
have full access to
WordPress. Starting with
the version 2.3 of
WordPress, you can find
out if the installed plugins
has a newer version from
admin screen.
Disable and remove any
themes and plugins that
you're not using
If you are like the majority
of bloggers, you have tried
several different themes
for your blog. More than
likely, you now have a few
different unused plugins
that are installed.
Each installed theme and
plugin is a potential
security hole. Keeping
unused themes and plugins
up-to-date is a waste of
time. Instead, deactivate all
plugins that you don't
need or use. Remove the
files for unused themes
and plugins from the
server.
The final step is among the
most significant. Eliminate
unnecessary installations.
Remember that everything
you've installed lands in
standard locations. A
hacker can simply search
your site, and take
advantage of known holes.
It is irrelevant that you are
not using the package.
Never download and install
codes that aren't from a
trusted source
Just like you shouldn't click
on email attachments
coming from people you
don't trust, you shouldn't
install software on your
blog from untrusted
sources. Only download
code from the authors'
web site.
Since WordPress and most
themes and plugins are
released as open source,
anyone can modify the
code with malicious intent
and put up the badware
for download to
unsuspecting web surfers.
There is a penalty for being
an early adopter! Allow
other people to work
through the holes and
security issues before you
attempt to use the
package.
Watch out for JavaScript
includes
Many web analytics services
and ad networks require
you to add some JavaScript
to your blog pages. Often
this takes the form of a
JavaScript include which
gives the authors of that
JavaScript almost wholesale
permission to do anything
with your web page. In
essence you are trusting
the security of your web
site to this third party
service.
I would be unwilling to
have JavaScript put on my
web site by an entity I was
not familiar with. I would
be more receptive to
legitimate, well-known ad
network and web analytic
providers such as Google
AdSense and Google
Analytics.
Ad networks also pose
another problem if you
don't have control over
who is allowed to advertise
on your network. Google
applies the guilt by
association principle: If you
are advertising for a site
that has badware on it,
your site may be blacklisted
too.
Read more of Nick Dalton's
WordPress security articles
on his blog for Internet
business owners and
bloggers at
TipsTricksToolsTechniques.
com
Article Source: http://
EzineArticles.com/?
expert=Nick_Dalton
1
1
1
1
1
Rate This Article:
Most Recent EzineArticles
from the Internet-and-
Businesses-Online:Blogging
Category:
Differentiating the Myth
No comments:
Post a Comment