It seems that a week never passes without some report of a major website being hacked, or a DDOS attack. What slips through the headlines are even more frequent cyber assaults on smaller websites. Although WordPress was designed with security in mind it is just as susceptible to attack as any site is and like many content management systems (CMS) it is open source. Which means that hackers are aware of possible WordPress vulnerabilities to look for and to exploit. Website hacking is on the icrease which is largely due to the use of freely available hacking tools and scanning software. Its not enough to solely rely on WordPresse’ own security. Your WordPress site must be setup with additional security measures, be regularly maintained and monitored for suspicious activity.
You might consider that your site has nothing of value to others but every website has value to hackers. You may hold sensitive data. Your site may be used to send spam or attack other websites or even site users computers (viruses/malware). Your site could be used to advertise inappropriate goods or services. Businesses and individuals must now take security seriously, more than they ever have in the past!
In this article we describe 12 steps we routinely deploy on every new WordPress site. There is no such thing as perfect security but following these steps will greatly increase security and make a site much harder to hack. Although this article directly concerns the security of WordPress sites, the principles behind the following apply to most websites.
It should be noted not all spiders will honor robots.txt instructions but reputable search engines will.