WordPress Security Tips for Attorneys

Making sure your Lawyer site is secure is an important thing these days. WordPress is a great thing but its very possible hackers can get into your site and cause problems IF you make it easy for them.  There are a few different things you can do right away to prevent some basic problems by making a few changes within WordPress.

#1- Setup a good WordPress security program such as Bulletproof Security and configure it to make sure your site is secure. 

Download here – http://wordpress.org/plugins/bulletproof-security

#2- Disable Trackbacks & Remove xmlrpc.php File – 

You should disable trackbacks and remove the “/xmlrpc.php” files. To do this, go to Wodpress admin panel ; Settings ; Discussions ; uncheck “Allow link notifications from other blogs (pingbacks and trackbacks)“. The “xmlrpc.php” file can be removed via FTP and WebShell file manager and is in the wordpress root directory.

In case you want to allow legitimate trackbacks, you should install the following plugins for blocking trackback spam:

Simple Trackback Validation with Topsy Blocker

http://wordpress.org/plugins/wp-hashcash-extended/

#3- Remove the default ADMIN user name and replace with unique user name and also make sure you choose a very difficult password. 

#4- Disable  wp-cron in wp-config.php:

– Open your wp-config.php file with the File Manager Code Editor
– Disable the cron by going to the bottom of the database settings in wp-config.php typically found around the following line.
– Add the code below the line:

/** The Database Collate type. Don’t change this if in doubt. */
define(‘DB_COLLATE’, ”);

define(‘DISABLE_WP_CRON’, ‘true’);

– Click Save

Now WordPress will not automatically run the wp-cron.php script each time your site gets a new visitor.

#5- Make sure to Update WordPress and all THEMES and Plugins.  REMOVE Any plugins you are not using.

#6- Remove any older user accounts and make sure you check to make sure any new user accounts arent created.

#7- Get Better WordPress HOSTING – This can make a big difference when you have a host that cares and puts a big emphasis on SECURITY. WP Engine does this and I suggest using them for your webhosting needs.

[divider height=”30″ style=”default” line=”default” themecolor=”1″]

Has Your Legal WordPress Site Been Hacked?

WordPress is an excellent CMS and very popular, yet it seems to be very vulnerable to hackers.  Ive seen more and more lawyer websites that get hacked and have this ugly message from Google…. “This Site is NOT SAFE or This Site May Harm Your Computer”…. Thats the last thing you want a client seeing when they visit your site.

WHY do sites get hacked and infected with Malware?

This is a really good question, and not many people seem to have an answer to this.   It seems like if you ask your web host, they will give you a very generic answer that doesn’t help at all.  Like they will usually blame you and infer that you didn’t set a strong enough password, and thus the hacker got in and did damage.  That’s bullshit!   I mean that’s one possible thing you can do to prevent your site from getting hacked, make sure your passwords are really strong.  Yet if a hacker wants in, they will get in because there are a lot of holes in WORDPRESS. Everyone uses wordpress, raves about it but its constantly getting hacked like on a second by second basis.    Setup a live stream to see people who are trying to hack into your site, you would be amazed.

It seems like even if you setup a lot of different things for security, you still can get your site hacked.  I just setup a new clients legal site, and moved it to a more secure webhost, had security and malware protection setup, YET it still got hacked. Strong passwords were setup, admin account removed, wordpress and plugins all updated and the list goes on.   Yet sometimes they get in and so then the key is being able to recover from the intrusion and get your site cleaned.

How To Prevent Getting Hacked

Every day, cybercriminals compromise thousands of websites. Hacks are often invisible to users, yet remain harmful to anyone viewing the page — including the site owner. For example, unbeknownst to the site owner, the hacker may have infected their site with harmful code which in turn can record keystrokes on visitors’ computers, stealing login credentials for online banking or financial transactions.

There are many different things you can do when you have a wordpress site. Yet some things are pretty obvious and yet dont get done, such as making sure you have the latest version of wordpress setup, making sure your plugins are updated and a number of other things that I will list in the next blog post.

Security is becoming more and more important because there are more hackers then ever, and you just want to make sure that your site is protected, backed up and that you feel confident that even if your site is hacked, you will be able to recover from it and not get penalized by Google in any way.

WORDPRESS SECURITY EXPERTS FOR LAWYERS

If your site has been hacked and you need to get rid of malware, contact us right away for help. Either call us at 630-393-0460 or fill out form below and we will get in touch with you. We can help and get this fixed sometimes within 24 hours.

[si-contact-form form=’1′]