WordPress Hacking and You: What You Can Do

Website hacking is probably nothing new to you, so hacking of WordPress sites may sound like just another form of it. But relying on the wonderful technology that WordPress provides to post, manage and display your website content could mean being overconfident or outright ignorant about perils that are already a matter of concern in the wider world of website design.


Websites are hacked for a variety of reasons: to steal information, to place spammy links, to turn a website's traffic to someone else's advantage, and much more. Hacking of WordPress sites is no different. WordPress works almost entirely through its plugins and a well-devised database, creating a system in which managing dynamic content is a cakewalk for anyone who owns a website. Hackers simply find a vulnerability in a plugin, insert malicious code or a code edit, and gain access to the database that manages all content. There, they can place SQL code to manipulate the website’s content and pretty much have your website under their control.

Why is WordPress a point of concern?


WordPress started out as a blog-building platform and became a highly desirable, easy technology for website design. Its turn into a vulnerable target for hackers to break into is a more recent development. The interesting facts related to this phenomenon are:

  • WordPress’s popularity has soared, and it currently accounts for a huge share of the websites built and maintained around the world.
  • The ease of building websites with WordPress has also misled website owners into a false sense of security. This is seen mostly among small businesses and startup companies, who are also happy with the smaller investment it needs.
  • Following from the last point, a large group of website owners don’t religiously update their WordPress installations, thereby leaving themselves exposed to the security loopholes that hackers use.
  • Third-party plugin developers also put their customers at risk with plugins that have not been tested enough or created with foresight.

Let’s try a more technical view of this scenario.


  • At the development level, bad coding can create vulnerabilities that hackers can use to their advantage
  • At the administrative level, poorly constructed passwords can make access very easy for skilled hackers
  • Plugins developed without a good amount of testing and stable, fool-proof code can compromise the website’s security as a whole
  • Website owners/managers who do not do regular WordPress updates put themselves at great risk of falling prey to newer hacking attacks

So how do I safeguard myself?


It’s one thing to operate and manage WordPress modules at an operational level, where you essentially add and edit content for your website. When it comes to making your WordPress website safe from hackers, you definitely need to meet the experts and get things done. Nevertheless, you had better look out for the following cues:

  • Are there pages on your website failing to appear as expected?
  • Is your admin area failing to perform at any point?
  • Have you verified the new plugin that you are considering adding to your website?
  • Are you getting a lot of spam emails lately?

If any of these cues shows up, it’s time to call in technical experts, such as your hosting support, to get your website checked. A few of the measures that can help protect your website are:

  • Take backups of your website data regularly
  • Change your passwords to stronger ones. The more mixed up and complex, the better
  • Use WordPress security keys. Your hosting support should know that the file wp-config.php has a place where you can enter security keys that protect the information stored in your cookies. Go to https://api.wordpress.org/secret-key/1.1/ to generate your keys and update your wp-config.php
  • Delete plugins that cannot be trusted or that are no longer in use
  • If you can read the error log file, it will tell you which file is causing the issue. You can replace or remove those files
  • It is best to upgrade WordPress to the latest version. This also includes your WordPress theme
  • Check file permissions and upload permissions
  • Use some security plugins like the ones listed below
    • Wordfence
    • All in One Security Firewall
    • Sucuri Security
    • iThemes Security (formerly Better WP Security)
  • Change the WordPress table prefix. This is something your tech support understands and can help you with
  • If you have any contact forms on your website, check with the developers whether the form is built with core CT standards.
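
A quick check for three of the measures above (security keys, table prefix, file permissions), as an added example that is not part of the original post. The function name, finding labels and sample file are constructed; the eight constant names and the 'put your unique phrase here' placeholder are those of the stock wp-config-sample.php, and the 32-character minimum is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added example: function name, finding labels and sample file are constructed.
KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# Prints one finding per line for the wp-config.php passed as $1.
audit_wp_config() {
    local cfg=$1 k line val
    for k in $KEYS; do
        line=$(grep -E "^[[:space:]]*define\([[:space:]]*['\"]$k['\"]" "$cfg" | head -n 1)
        # Text between the quotes after the comma, up to the closing ");".
        val=$(printf '%s\n' "$line" |
            sed -n "s/^[^,]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*/\1/p")
        if [ -z "$line" ]; then
            echo "MISSING $k"
        elif [ "$val" = "put your unique phrase here" ]; then
            echo "PLACEHOLDER $k"
        elif [ "${#val}" -lt 32 ]; then   # assumed minimum for this example
            echo "SHORT $k"
        fi
    done
    # Table prefix still at the stock value.
    if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
        echo "DEFAULT_PREFIX wp_"
    fi
    # Config file writable by its group or by everyone.
    if [ -n "$(find "$cfg" \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "WRITABLE_BY_OTHERS"
    fi
}

# Constructed sample: one placeholder key, one short key, one usable key.
demo() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?php
define('AUTH_KEY',         'put your unique phrase here');
define('LOGGED_IN_KEY',    'hunter2');
define( 'NONCE_KEY', 'constructed-sample-value-0123456789-abcdefghijklmnopqrstuvwxyz' );
$table_prefix = 'wp_';
EOF
    chmod 600 "$f"
    audit_wp_config "$f"
    rm -f -- "$f"
}
demo
```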


WordPress has made building and maintaining websites a wonderful experience for you. But great a tool as it is, it can serve you at its full caliber only when you keep it updated and well maintained. Your diligence will pay off, with your WordPress installation giving you the great advantage of seamless website performance for a long time into the future.

Select default image size for gallery in WordPress

By default, a WordPress image gallery uses the full image size for every gallery, but you can set another image size. The following code sets the default image size for your WordPress image gallery.


Just copy and paste the following code into your functions.php file:

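<?php
 // Replace the core [gallery] handler with a wrapper that supplies a default size.
 remove_shortcode('gallery');
 add_shortcode('gallery', 'custom_size_gallery');

 function custom_size_gallery($attr) {
      // A shortcode used without attributes passes an empty string, not an array.
      if (!is_array($attr)) {
           $attr = array();
      }
      // Use 'medium' unless the shortcode names a size itself.
      if (empty($attr['size'])) {
           $attr['size'] = 'medium';
      }
      return gallery_shortcode($attr);
 }
?>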

Install and update WordPress plugins without providing FTP access

I did a lot of R&D on installing and updating WordPress plugins without using FTP access, and I found a very nice trick to solve this issue. When you use shared hosting or a VPS server for WordPress site hosting, you always face issues installing WordPress plugins or themes. The same issue happens when you update WordPress. Using the following simple steps, you can install WordPress plugins and themes without giving FTP access.


I update WordPress plugins and themes all the time, so providing the FTP credentials every time is really a pain. I always use the following steps for WordPress upgrades.

First, you need to add the following code to your wp-config.php file.

define('FTP_USER', 'username');
define('FTP_PASS', 'mypassword');
define('FTP_HOST', '192.168.2.132');
define('FTP_SSL', false);

But this is an old approach. If you don't want to put the FTP credentials in the wp-config.php file, just add the following line to wp-config.php instead.


define('FS_METHOD', 'direct');

Note: You need to give 755 permission to the wp-content folder. Create the upgrade folder inside the wp-content folder.

If you are still facing the issue, give 777 permission to the whole wp-content folder.

For permissions, use the following commands:

cd your_wordpress_directory
sudo chown -R www-data wp-content
sudo chmod -R 755 wp-content

More information:

WordPress will try to write a temporary file to your /wp-content directory. If this succeeds, it compares the ownership of the file with its own uid, and if there is a match it will allow you to use the ‘direct’ method of installing plugins, themes, or updates.

Now, if for some reason you do not want to rely on the automatic check for which filesystem method to use, you can define a constant, 'FS_METHOD', in your wp-config.php file that is either 'direct', 'ssh', 'ftpext' or 'ftpsockets', and it will use that method. Keep in mind that if you set this to ‘direct’ but your web user (the username under which your web server runs) does not have proper write permissions, you will receive an error.
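
The ownership comparison described above, reproduced as a shell check together with a listing of world-writable paths (what a recursive 777 leaves writable by every local account), as an added example that is not WordPress's or the author's code. Function names and the demo tree are constructed, and comparing against the owner of an existing WordPress file passed as the second argument is an assumption of this example; run it as the account the web server uses.

```shell
#!/usr/bin/env bash
# Added example: function names and the demo tree are constructed.

# Numeric owner of a path, read from "ls -ldn" so it works on GNU and BSD.
owner_uid() { ls -ldn -- "$1" | awk '{print $3}'; }

# Echoes "direct" when a file newly created in CONTENT_DIR has the same owner
# as REF_FILE (an existing WordPress file), "mismatch" when the owners differ,
# and "unwritable" when no file can be created there at all.
fs_method_check() {
    local content_dir=$1 ref_file=$2 probe result
    probe=$(mktemp "$content_dir/write-test-XXXXXX" 2>/dev/null) || {
        echo unwritable
        return 0
    }
    if [ "$(owner_uid "$probe")" = "$(owner_uid "$ref_file")" ]; then
        result=direct
    else
        result=mismatch
    fi
    rm -f -- "$probe"
    echo "$result"
}

# Lists every file or directory under CONTENT_DIR that any local account
# can write to (the "other" write bit is set).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Constructed demo tree standing in for a WordPress install.
demo() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins" "$root/wp-content/upgrade"
    : > "$root/wp-config.php"
    : > "$root/wp-content/plugins/hello.php"
    chmod 755 "$root/wp-content" "$root/wp-content/plugins"
    chmod 644 "$root/wp-content/plugins/hello.php"
    chmod 777 "$root/wp-content/upgrade"
    echo "method: $(fs_method_check "$root/wp-content" "$root/wp-config.php")"
    echo "world-writable:"
    world_writable "$root/wp-content"
    rm -rf -- "$root"
}
demo
```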
