6 April 2022 | In Security | 3 Minutes

More than design


Web design is not just about designing a new website. There are many other components that make a website a modern one. One of those components in web design is the security of the website.

More than 60 percent of websites based on a content management system (CMS) are built and designed with WordPress. So it is no wonder that WordPress websites are a huge target for hackers. There are many vulnerable elements when WordPress is installed with the default settings and the default software or plug-in components.

A lot of work has to be done in the background of a website, whether or not it is visible to the visitor of the site. First of all, some folders and files of the default WordPress installation can and should be secured with additional measures. Some of those vulnerable folders and files are:

The upload folder where all the media of a website are saved
The wp-config file where basic data, like user, password and database, are stored
The .htaccess file which also contains sensitive data
The wp-login which, as the name says, is the main login to the backend of a website

Those are just some examples of what has to be done to make the default WordPress installation safer.
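
A quick way to check the file-system items from the list above is a small audit script. This is an added example, not part of the original post; the permission thresholds and the extension list are assumptions, and wp-login is not covered because protecting it is a matter of server or plug-in configuration.

```python
import os
import stat
from pathlib import Path

# Assumption: extensions the web server would hand to the PHP interpreter.
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}


def _mode(path):
    """Permission bits of a file, e.g. 0o644."""
    return stat.S_IMODE(path.stat().st_mode)


def audit_wordpress(root):
    """Return sorted (relative_path, finding) tuples for a WordPress document root."""
    root = Path(root)
    findings = []

    # wp-config.php stores database name, user and password.
    config = root / "wp-config.php"
    if config.is_file():
        mode = _mode(config)
        if mode & stat.S_IROTH:
            findings.append(("wp-config.php", f"readable by all local users (mode {mode:03o})"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("wp-config.php", f"writable by group or others (mode {mode:03o})"))

    # .htaccess controls rewrites and access rules; only the owner should change it.
    htaccess = root / ".htaccess"
    if htaccess.is_file():
        mode = _mode(htaccess)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((".htaccess", f"writable by group or others (mode {mode:03o})"))

    # The upload folder should hold media only, never server-side scripts.
    uploads = root / "wp-content" / "uploads"
    for dirpath, _dirs, files in os.walk(uploads):
        for name in files:
            if Path(name).suffix.lower() in PHP_EXTENSIONS:
                rel = (Path(dirpath) / name).relative_to(root)
                findings.append((rel.as_posix(), "script file inside the upload folder"))

    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, finding in audit_wordpress(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {finding}")
```

Run it with the WordPress document root as the only argument; an empty output means none of the three checks fired.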

The next step that really helps make a new website more secure is to install a defense plug-in like “Wordfence”. With this plug-in you can set up a lot of security measures that protect the website from being hacked. Moreover, you get a lot of important and helpful information on what’s going on in the background, for example how many login attacks have been made, from which countries, and much more. With this information, measures can be applied to prevent the website from getting hacked.

It goes without saying that the most important requirement of a WordPress website is the backup. From the very beginning, backups of the whole website have to be made to avoid loss of all data and content of the website. With an up-to-date backup of all the website components, the rebuild can be done quickly in case the website has been hacked. It is also crucial that the backups are saved not only on the server of the website’s hosting, but also offline.

Last but not least, when installing WordPress DO NOT use the default username “admin” and of course choose a very strong password. It is obvious that with the username admin hackers already get 50 percent of the login information.

Soon I will post on how to make your contact form safer and avoid endless spam mails.