“Deter, Detect, Analyse, Respond” is a saying that breaks down some basic security aspects in real life. When used for WordPress security, it will help you keep control of a situation and minimize the possibility of chaos.
This article is part 1 of 3 articles that will touch base on how WordPress security as a whole can be accomplished. The idea of this article is to give a clear picture outside of the box when it comes to security for WordPress. Part 1 will not go into detail about how to perform security but rather the process.
Deterring the bad guy
A good way to think about deterring is to picture a bad guy walking down the street looking for a house to break into. If you have security system sign in your window or in your yard the bad guy will most likely think twice about putting effort into breaking into your home. When it comes to deterring bad guys from hacking your site the same applies.
The absolute biggest deterrence of a hacker is updated software. Having the latest version of WordPress, plugins and themes is the #1 way to deter a direct hack. Simply performing maintenance every month on your website help deter hackers.
Whether your website get 1 visitor a day or 1 million, you have the ability to monitor every request that comes into your website. Ensure that you have the means to logs these requests. In most cases your hosting company will keep a log but it is a good idea that you manage your own as well.
Being able to distinguish a bad request in WordPress is paramount to the next phase. You need to analyse all requests and be able to pick out any bad requests.
Once you have deemed something bad, you need to take the appropriate steps to either limit or block said event. When it comes to WordPress, and appropriate response may be to block and IP, limit a client or simply do nothing.
We are not here to tell you that WordPress security is simple. It is not something that can be done with a single plugin. To do it properly, it requires a combination of human interaction and software.
We would love to hear your process that you use when approaching WordPress Security. Leave a comment below!