Over the past few weeks we’ve seen a huge increase in the number of spammer attacks being reported by security monitoring sites. A spammer attack is when a malicious program visits a website repeatedly and tries to fill in comment and contact forms in the hope of distributing harmful content. If you find yourself under attack, thousands of spam comments and messages can be left in a very short period of time, and the damage can go beyond the frustration of having to clean up the mess. A normally functioning website can suddenly be overwhelmed by the workload of processing all of these extra non-human visits, and the resulting spike in resource usage can destabilise servers, putting not only your website but others at risk.
So, what steps can you take to make sure your WordPress security is as strong as it can be? We’ve got a few simple recommendations to help make your website a less appetising target.
Stay Up To Date
This is the simplest step of them all. Developers are constantly working to close exploitable loopholes as soon as the hackers discover them, so keep WordPress, your themes and plug-ins up to date with the latest releases. This is simply a case of keeping an eye open for the update notifications at the top of the WordPress dashboard, or a number appearing over the sidebar Update option, and clicking to install the latest version. If you’re a Helpful Webhosting customer, we do this for you.
Optimise Your Site
- Don’t go too mad with the bells and whistles. Think about the plug-ins you need to run your website and delete any you don’t use.
- Find out which plug-ins might slow your site’s performance down with p3-profiler.
- The foundation of your website is the database that sits behind the on screen interface. As databases are wont to do, it gets cluttered up with old data that can slow your site’s performance down. Optimising your database from time to time can help, just like defragmenting your hard drive can help your computer go faster or decluttering your office helps your productivity. Use the wp-optimize plugin.
- Use a caching plug-in to stop WordPress building your website each time someone visits and speed up your pageload time. We recommend W3 Total Cache for a standard WordPress installation and Quick Cache for Multisite.
Secure Your Site
You wouldn’t leave your house with windows and doors wide open, presenting an easy opportunity for thieves to get in. Likewise, there are simple steps you can take to make sure you’re not leaving your site wide open to spammers.
- Use Akismet – a plugin which identifies and blocks comment and trackback spam so that you don’t have to deal with it. All you need to do is activate the plug-in and sign up to get an API key from the Akismet website. With a few clicks, you’ll be well on your way to a spam free future. Once set up, if your website is open to comments and you’ve already got a few suspected spam comments waiting for moderation, just go to the Comments section of the WordPress Dashboard and click the “Check for Spam” button to clear them out.
- If you use a contact form make sure you’re using a CAPTCHA plugin. This checks that the sender of the email is a human by getting them to fill in the displayed code before they can hit the submit button. We recommend Contact Form 7 and Really Simple CAPTCHA to go with it. If you’re using Akismet (and you should be), follow these instructions to check your messages against a list of known spammers.
The Single Best Thing You Can Do
Use CloudFlare. This is a Content Delivery Network that protects and accelerates your website. It optimises the delivery of your web pages, blocks threats and limits access to abusive bots and crawlers. It all adds up to improved performance and a decrease in spam and other attacks.
Setting yourself up with CloudFlare is quick and simple too. From start to finish, it shouldn’t take you more than 5 minutes and their core service is totally FREE.
Once you’ve set yourself up with a CloudFlare account, add the CloudFlare plugin to WordPress. If you’re using W3 Total Cache, you now no longer need the CloudFlare plug-in as the two services are integrated. Just make sure you set up W3 Total Cache with your CloudFlare details and you’re good to go. (NB: If you’re using both CloudFlare and W3 Total Cache, don’t ‘minify’ on W3 Total Cache if you’re using CloudFlare minify as over-applying it can make things look, to use a technical term, ‘screwy’.)
What If The Worst Happens…?
We take a belts and braces approach to backing up our clients’ files so that should the worst happen, we’ve got the means to restore a website to its former glory as quickly as possible. Our tech service takes daily backups, ensuring that we have 30 days of backups on hand to work from. We also take regular backups ourselves so we have a backup to the backups, as it were.
This means that our clients don’t have to worry about securing their data as we have it all in hand for them.
Finding Out More
If you’re minded to find out more about securing your website, check out WordPress’ article on Hardening WordPress. You can also Google “securing wordpress” to find plenty of other measures you can take, but the steps in this article will help a lot.
As ever, we’re on hand to provide assistance to any Helpful Webhosting clients who need it. Get in touch via email or on Skype if you need a walk through to implement any of the steps recommended above.