Tips for web developers faced with securing pre-existing WordPress sites
WordPress is the most widely-used content management system in the world, powering over 35% of all websites. However, many pre-existing WordPress sites have a number of security flaws. Find out how web developers can overhaul an existing WordPress site into tip-top shape and how to handle potential security concerns.
For web developers, the topic of content management systems can be quite divisive. Some see them as a hindrance to building customized solutions for clients, while others believe them to be flexible architectures that speed up site construction by providing support for common functions. Like them or not, however, they’re a fixture of the modern internet.
Take, for example, WordPress. It’s by far the most widely-used CMS in the world, powering over 35% of all websites. That means there are few web developers that won’t encounter it in their work, and most will have some experience developing for the platform. Unfortunately, many of those encounters will be with pre-existing WordPress sites, the majority of which were initially built by amateurs.
That’s an issue because the majority of WordPress site owners spend more of their time agonizing about choosing the perfect domain name than they do on making sure their site’s competently constructed. That reality often leaves the follow-up developer with a confusing mess on their hands – and the first casualty is the site’s overall security. To help developers dealing with that kind of issue, here’s a rundown of how to whip an existing WordPress site into shape from a security perspective.
Modify the default database prefix
More often than not, the first place an attacker will hit on a WordPress site is its database. That’s because the software uses a standardized and well-known naming structure to create its backend database tables on install. That means the first modification a web developer should make on an existing site should be to rename the site’s database tables to make them harder to guess. It’s a process that takes only a few minutes and provides an instant security upgrade for the site.
Update to the latest PHP version
Many of the common exploits that tend to affect WordPress sites stem from the underlying PHP coding the site and its plugins use. To defend against an attack on that code, first, make sure that the site is using the most recent PHP version available. According to WordPress itself, 59.3% of active sites are using PHP versions that no longer receive security updates. That means there’s a pretty good chance that any preexisting site a developer encounters is going to need a PHP upgrade ASAP.