[WordPress] Thinking again about security.

Recently, the website of someone close to me was attacked in some way and the programme was tampered with.
I’ve been asked to help and I’m currently working on its restoration.

I maintain corporate websites built on WordPress for several global companies.
I strongly feel that security measures are essential in this context.

Also, on this site as well, when I take security measures and monitor it, I can see that it is under attack.
In other words, you cannot assume that even your smallest site is safe.
It doesn’t matter how big or small your site is, there are people out there who will try to exploit your server.
Of course, the bigger the company, the more likely it is to be the target of an attack.

I have actually experienced brute force attacks (password brute force) and DoS attacks that have brought down servers.
In both cases, if the server specs are too low, the CPU is occupied by a large number of requests and the server goes down.
Even if the server specs could be increased to avoid the downtime, AWS would charge on a pay-as-you-go basis, which would increase the usage fee. This is not a fundamental solution.
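
What a password brute force attempt looks like in a web server access log, as an added example that is not part of the original post: the script counts POST requests to `wp-login.php` and `xmlrpc.php` per client IP in a sliding window. The combined log format, the default login URL, the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Start of a common/combined log line: ip - user [time] "METHOD path ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
# WordPress endpoints that accept credentials (assumes the default login URL).
AUTH_PATHS = ("/wp-login.php", "/xmlrpc.php")

def find_bruteforce(lines, threshold=5, window_s=60):
    """Map each IP that sent >= threshold login POSTs within window_s seconds
    to its peak count in any such window. Unparseable lines are skipped."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # page views of the login form (GET) are not attempts
        if not m["path"].split("?", 1)[0].endswith(AUTH_PATHS):
            continue
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # malformed timestamp
        q = recent[m["ip"]]  # timestamps of this IP still inside the window
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def _line(ip, sec, method, path):
    """Build one constructed log line `sec` seconds after 12:00:00."""
    mm, ss = divmod(sec, 60)
    return (f'{ip} - - [10/Mar/2024:12:{mm:02d}:{ss:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = (
    [_line("203.0.113.7", s * 2, "POST", "/wp-login.php") for s in range(8)]
    + [_line("198.51.100.4", s * 120, "POST", "/wp-login.php") for s in range(3)]
    + [_line("198.51.100.9", s, "GET", "/wp-login.php") for s in range(10)]
    + [_line("203.0.113.20", s * 5, "POST", "/xmlrpc.php") for s in range(6)]
    + ["garbage line that is not a log entry"]
)

if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE).items():
        print(f"{ip}: up to {n} login POSTs within 60 s")
```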

If you build and host your own website, you need to be particularly aware of these risks.
If you use a website builder platform (e.g. Studio or Wix), you don't need to be as aware of them because the platform guarantees security. The disadvantage is that cost and flexibility depend on the platform.

Now, as a person who maintains a global company's website, I should take measures to prevent this in advance.
Security is never perfect, but we should try to get as close to it as we can.

・Regular core updates (WordPress itself, themes and plugins)
・Regular backups
・Brute force countermeasures
・DDoS protection
・Regular malware scans
・2FA

These measures are still necessary.

If you use WordPress, you can handle them with plugins, so let's get it done quickly.

Specifically, you only need to install the following plugins to have strong security.

・Sucuri Security – Auditing, Malware Scanner and Security Hardening (WordPress.org): The Sucuri WordPress Security plugin is a toolset for security integrity monitoring, malware detection, audit logging, and security hardening.
・Wordfence Security – Firewall, Malware Scan, and Login Security (WordPress.org): Firewall, malware scanner, two-factor authentication and comprehensive security features, supported by our 24-hour team. Make security a top priority with Wordfence...
・Solid Security – Password, Two Factor Authentication, and Brute Force Protection (WordPress.org): Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

The web is a convenient technology that anyone can access, but for the same reason it is better to be aware that there are people with malicious intentions, that there are risks, and to take action.
