What is WordPress?
WordPress is open source software that you can use to create a website or blog. It is an easy-to-use, flexible website content management system (CMS). Introduced in 2003, it is now by far the most popular website CMS, hosting more than half a billion websites in 2018.
Even if you are new to website posting and management, WordPress makes it easy to jump right in and start building and managing your own website, using only your web browser. What’s even more attractive about WordPress is that it is completely free.
WordPress has become so popular that there are hundreds of volunteers all around the world who are constantly developing and improving the code for the WordPress software. And, there are thousands of plugins, themes, and widgets that enable you to build just about any type of website you can imagine.
How does WordPress work?
There are two ways to use WordPress: you can create your own web pages using an already-existing web server that’s hosted by a commercial version of WordPress at wordpress.com. Or, to have more control, you can create your own web server, with WordPress installed on top of it. Free, open source web “stacks” of the required underlying software are also available, as are many companies who will host and to some extent manage your site for you.
How do I get started with WordPress?
It’s very easy to sign up for an account and start creating your own website on wordpress.com. If hosting your own web server, you can find instructions for the installation process at the wordpress.org website, and for more help, the internet is full of independently-written instructions and videos on places like YouTube.
After installation, you log into your site with your web browser. At that point, you can start using the simple, built-in editor to create web pages without the need to learn how to code. WordPress includes templates for many types of web pages, making it easy to create blogs, eCommerce stores, business sites, forums, and virtually any other type of website you can think of.
How do I secure my WordPress website?
As with any software, WordPress sites are at risk of cybersecurity attacks and infection by malware at any given time. The tips below will help you keep your site secure:
- Keep WordPress updated: Outdated software is the number one cause of infection or malware on websites. WordPress frequently releases security updates, and plugin and theme authors also release their own updates. WordPress automatically checks for and installs new updates, even if you are hosting your own site. You can easily see if you have the latest versions of the WordPress “core” and any plugins by going to the Dashboard > Updates page of your WordPress admin account.
- Test updates on a staging server. When WordPress updates are released, a best practice is to test the updates in your staging site. You will then be able to create the update on your live website once you have confirmed all works well.
- Never log in to WordPress on public computers: Public computers, such as in a school or library, are especially vulnerable to cyberattack. When you log in to your website from a public computer, you make it easy for others who might use the same computer, or be on the same network to steal the admin credentials.
- Regularly audit admin users: Audit the user access list at regular intervals to ensure that only those who still need access are allowed. Also, make sure that users on your website are not given a higher access level than they need.
- Use two-factor authentication: The simplest and most effective way of preventing brute force attacks is to implement two-factor authentication for logging in. Two-factor authentication adds an extra layer of login security by requesting additional proof of ID, such as answers to “security questions” or a generated code that is sent to you on your mobile phone.
- Use a managed, comprehensive cybersecurity solution: To stay proactive against evolving threats, implement a multi-layered approach that includes a secured content delivery network and managed firewall. An all-in-one solution such as Comodo cWatch Web, whose certified security experts handle the work for you, is ideal.
What is Comodo cWatch Web?
Comodo cWatch Web is a fully-managed, cloud-based security solution. It is available with a robust web application firewall that can block advanced threats such as Denial-of-Service (DDoS), Cross-Site Scripting and SQL Injection attacks. It can also block application targeting attacks like attacks on WordPress websites.
The WAF is provisioned over a secure content delivery network (CDN) and monitored through the Comodo security information and event management (SIEM) system. Web traffic is continuously monitored and alerts are immediately received by security experts at the always-on (24/7/365) Comodo Cyber Security Operations Center (CSOC). Once an alert is received, certified analysts deploy countermeasures to the web application firewall and address security events before they escalate to security incidents, all in real-time.
Comodo cWatch Web includes the following features:
- Web application firewall (WAF): The web application firewall offers powerful, real-time advanced protection for web applications and websites, including filtering and intrusion protection.
- Secure content delivery network (CDN): The Comodo-managed CDN is a global system of distributed servers that can help improve the performance of your website and web applications.
- Security information and event management (SIEM): Advanced intelligence capable of leveraging existing events and data from 85M+ endpoints and 100M+ domains
- Malware monitoring and remediation: Detects malware, provides the methods and tools to remove it, and prevents future malware attacks.
- Cyber security Operations Center (CSOC): A team of always-on certified cybersecurity professionals providing surveillance and remediation services 24/7.
- PCI scanning: If your website is also a payment portal, PCI scanning ensures that it complies with the PCI DSS (Payment Card Industry Data Security Standard).