In April over 700,000 Macs were infected with the Flashfake, or Flashback, malware. These computers were infected because their users visited one of the 100,000 WordPress blogs that contained the malware and infected visitors via drive-by download.
These numbers only reflect the damage done by one single strain of malware, and as we all know there are thousands of malicious programs that lie in wait on different WordPress blogs ready to infect unprotected visitors.
As a blog owner, it is up to you to do something or you risk losing traffic and losing your good name.
But how are you to fight the spread of malware? These steps will get you started…
Keep Your Computer Malware Free
Before you install WordPress you should scan your computer for malware. Why? Because if you create your user credentials, set up your database password and all that other good stuff with a keystroke logger on your computer, guess what? All of the other steps you take to keep your blog malware free are for naught.
Harden Your WordPress Installation
The moment WordPress is installed you should be thinking about security. The first step should be to change the default admin user name and password. You should also rename your database tables, if they are the default ones created during the installation. Other steps to take would be to:
- Hide the contents of your plugins folder
- Prevent search engines from indexing your wp-* folders
- Move your wp-config.php file to the WordPress directory
- Set your file and folder permissions
- Hide the version you are using
- Make sure WordPress and all your plugins are up to date
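A read-only audit of three items from the list above (default table prefix, a plugins folder with no index file, loose file and folder permissions), added here as an illustration and not part of the original article. The function names, finding labels, sample tree and permission thresholds (no "other" read on wp-config.php, nothing world-writable) are assumptions chosen for the example.

```python
import os
import re
import stat
import tempfile

def audit_wordpress(root):
    """Return sorted finding labels for the WordPress tree at root (read-only)."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        # Table prefix still at the installer default.
        if re.search(r"\$table_prefix\s*=\s*['\"]wp_['\"]", text):
            findings.append("default-table-prefix")
        # Assumed threshold: wp-config.php must not be readable by "other".
        if os.stat(config).st_mode & stat.S_IROTH:
            findings.append("wp-config-world-readable")
    # No index file: a server with auto-indexing would list every plugin.
    plugins = os.path.join(root, "wp-content", "plugins")
    has_index = any(os.path.isfile(os.path.join(plugins, n)) for n in ("index.php", "index.html"))
    if os.path.isdir(plugins) and not has_index:
        findings.append("plugins-dir-listable")
    # World-writable files or folders can be changed by any local account.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and os.stat(path).st_mode & stat.S_IWOTH:
                findings.append("world-writable:" + os.path.relpath(path, root))
    return sorted(findings)

def build_sample_site(root, hardened):
    """Constructed sample tree (not a real WordPress install) for the demo."""
    plugins = os.path.join(root, "wp-content", "plugins")
    os.makedirs(plugins)
    files = {"wp-config.php": "<?php\n$table_prefix = '%s';\n" % ("blog7x_" if hardened else "wp_")}
    if hardened:
        files["wp-content/plugins/index.php"] = "<?php // Silence is golden.\n"
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(root, rel), 0o640 if hardened else 0o644)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(plugins, 0o755 if hardened else 0o777)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(audit_wordpress(build_sample_site(d, hardened=False)))
```

Point `audit_wordpress` at the directory that holds your own installation; it only reads metadata and wp-config.php and changes nothing.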
Be Smart About What You Install
The beauty of WordPress is that it is easy for anyone to create a visually stunning, interactive web site through the use of themes and plugins.
The only problem is, there are hundreds of themes and plugins that actually contain malware. When you install, and use, these on your site you have actually infected yourself.
To avoid this, only use themes and plugins that come from trusted sources. It may be tempting to install that free template that has just the look you want for your blog, but if you have to sacrifice your site’s security for a few bucks it just isn’t worth it.
Install a Layer of Security
There are many plugins that you can install that will scan your WordPress blog for malware and vulnerabilities. This is a great start, but you also need something that will help you clean any malware from your site and provide real-time protection rather than only on-demand scans.
Having the tools in place to monitor, report and repair your web site will let you concentrate on building content for your blog rather than worrying about security all the time.
If security were as simple as installing a few applications or plugins, then there would be no real threat to worry about.
As a blog owner it is your responsibility to keep yourself current on the different threats to your site and what steps you can take to protect it, and your visitors, from malware and malicious hackers.