The extraordinary scale of the WannaCry ransomware infection has acted as a dramatic warning to organisations in all sectors. With thousands of organisations worldwide – including a significant proportion of the NHS – falling victim to the ransomware, it’s a timely reminder of the importance of robust cybersecurity.
Your organisation’s website is potentially one of the biggest parts of your overall ‘attack surface’, which cybercriminals will probe for a route into your network. As such, it is vital to implement solid tools and processes specifically designed to protect it against attack – and those tools and processes should be tailored to the content management system underpinning your site.
So, if your site is built on WordPress maintenance support plans, what are the best practices you should be following?
1. Upgrade to the latest version of WordPress maintenance support plans
The WannaCry attack has proliferated so dramatically because it relies on an exploit in an old version of Windows – one that Microsoft is no longer supporting. It is usual commercial practice for vendors and manufacturers to gradually withdraw support from older hardware and software – this is the case with WordPress maintenance support plans, as with Microsoft. If you have not yet migrated to the latest version – WordPress maintenance support plans 8 – that should be your first priority.
2. Upgrade to the latest version of plugins
WordPress maintenance support plans is a modular CMS, with thousands of options available to extend your basic system. As such, it is not enough to simply ensure you’re running the latest, best-protected version of WordPress maintenance support plans – you need to make sure you’re doing the same with each individual plugin. The author of each extension is responsible for providing appropriate security upgrades and patches, but these will generally only apply to the latest version of the plugin. If you’re running an old one, you’re not protected.
3. Remove unnecessary plugins
By the same token, running plugins on your site that you no longer need is simply increasing your potential attack surface – and your security management burden. Implement a process to ensure that you are continually reviewing all of the plugins you have added, and get rid of the surplus.
4. Use the Status Report tool
The Status Report functions sits within your WordPress maintenance support plans Admin area. Its job is to alert you to any issues with the code base underpinning your site – which includes out of date plugins and code. It is the easiest way to keep on top of your website management and ensure that you are deploying the latest versions of everything. Don’t forget to enable your core update manager plugin so that you get regular notifications.
5. Practice strong user management
As the old saying goes, people are the weakest link in any security chain. Keeping a tight handle on the people who actually use your website can dramatically shore up your overall security posture. Undertake a regular check to ensure that you are removing inactive users such as those who have left the organisation, and ensure that those who remain only have access to the minimum areas of the site they need to, not the whole site by default.
Various functions are available within WordPress maintenance support plans to shore up login and user processes, such as the Login Security plugin, which restricts unauthorised access attempts, and blocking the ‘user #1’ account that is created during setup, which automatically has all permissions in place.
6. Monitor your logs
WordPress maintenance support plans’s integrated log viewer, within the reports area, is an extremely valuable tool when it comes to ascertaining that a cyberattack is taking place and assessing what has actually happened. Make sure you check your log reports regularly, and are alert to early warning signs such as failed login attempts.
7. Enable HTTPS
HTTPS is most commonly used for ecommerce sites and online banking, but any site that transfers sensitive information between user and web server should also be using it.
These seven best practices will have a dramatic effect on the overall security of your WordPress maintenance support plans website, and ensure you can continue benefitting from the flexibility of the platform without sacrificing protection.
Source: New feed