Time to upgrade: WordPress version 4.7.3

One of the major reasons behind the insane popularity of the WordPress content management system is the core updates that are released on a regular basis. Most of the time, these updates contain security patches and changes to the backend or frontend code of the WordPress core. It is good practice to install all these official updates quickly, as this helps keep your WP-based website stable, secure and functional.

On 6th March 2017, WordPress released v4.7.3, which fixes some major security issues, and it is recommended that you update your WP sites immediately. If you don’t have time for this task, you can hire a WordPress developer who will help you update your WordPress core. The latest version of WordPress has eliminated six security problems which were detected in v4.7.2. Although WordPress has officially rolled out the update, it will take some time to reach users spread across the globe.

Given below are six security issues that earlier affected the functioning of WordPress v4.7.2:

  • Control characters that can trick redirect URL validation.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Unintended files that can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via media file metadata.
  • Cross-site request forgery (CSRF) that leads to excessive use of server resources.

In addition to the above-mentioned security fixes, WordPress 4.7.3 contains approximately 39 maintenance fixes to the v4.7 release series. For the complete list of changes, refer to the official release notes provided by WordPress.

If you wish to install WordPress 4.7.3 manually, go to WP Dashboard -> Updates and click the “Update Now” button. If your website supports automatic background updates, it will upgrade to WordPress 4.7.3 automatically.

An Introductory Guide to WordPress Security

Very often, on the internet, we read some old or new scary story about a prominent website being hacked or a sensitive database being compromised, and it leaves everyone freaking out. The growing popularity of WordPress has made it a target for hackers. Research statistics show that 80 million websites use WordPress and a large portion of them are prone to attack.

So if you do not want to add your website to the long list of hacked websites, you’re on the right track. Every website is at risk irrespective of the size of the company. Attacks can happen because your website is vulnerable, not because a hacker decided to ‘break into’ your business.

After your website is hacked, besides the harm to your reputation, you may lose an enormous number of customers and confidential information, and spend wealth, effort and time bringing it back to normal. So if you’re seeking excellent WordPress web development, aim to put basic measures in place to keep it secure. It won’t cost you much, but it saves a lot of time, money and disappointment in the future.

Some Quick methods to protect your WordPress website –


1. Keep updating your WordPress Website

A WordPress website needs to be updated regularly. WordPress is no miracle: each new release fixes plenty of security vulnerabilities, alongside a number of additional features and upgrades. The list of what each update fixes is basically a cheat sheet for hackers everywhere.

If you miss updating your WordPress, those security flaws remain open on your site. So, in order to avoid the hacking of the website, install the latest version of WordPress regularly.

2. Use strong passwords

A strong password goes a long way to protect your WordPress blog. Always remember, a strong password can be comprised of letters, words, numbers, and any other valid characters. But avoid using single-word, letters-only, or numbers-only passwords. Any personal detail, or a password based on one, can be easy for hackers to crack. Try to make it difficult for hackers to guess the pattern.

A simple password can be WordPress123, HelenBrown, etc. A strong password can be like pressmyWORDSand5ecurit!$, W0rD!!Pr3$$123, etc.

3. Change the default admin user names

Finding the admin username is the first thing hackers try. So avoid using too-obvious usernames. Change them to something more difficult for hackers to identify. Apart from this, review your users’ roles and make a point that there is only one administrator for the site. Set others as ‘contributor’. Remove the invalid admins or set their role to ‘None’.

4. Check your Server Settings

The server is also one of the primary routes hackers use to attack a website. So to keep yourself 100 percent secure, take a proactive approach to your website’s security. Check the server logs daily and look for any unusual behavior. Use a strong password for the administrator account and FTP. You may also enable email notifications that are sent every time someone logs in to the server.

5. Hide Your Plugins

Plugins are one of the hidden routes through which hackers can inject code into your website. Put an empty index file into your /wp-content/plugins/ folder. It will hide the list of all your plugins from visitors.

Without an index file, the plugins are clearly visible to anyone who navigates to the /wp-content/plugins folder. A hacker’s job is simplified if s/he gets to see which security plugin you use. Add a blank index.html to the plugins folder. It makes no difference to whether your WordPress site has a security system, but as long as the hacker doesn’t know, he will be less tempted to try anything.

6. Prevent hacking through wp-includes security

The wp-includes folder contains the WordPress core. It should be handled very carefully, even after converting a site from PSD to HTML. It should not be left accessible to hackers by any means.

So block any bots or hackers from sending unwanted scripts straight to your WordPress. Add this before #BEGIN WordPress in your .htaccess file.

7. Always keep a full backup of your WordPress website

A backup is one of the first things you can use to restore your website if it is hacked. So back up your WordPress website at regular intervals. There are many plugins which assist WordPress website owners, like VaultPress, Updraft-Plus, WP-DB-Backup, BackupBuddy, etc. These plugins offer an easy restore option. To ensure that the plugin is actually backing up, check regularly that the backups include all databases and directories.

Bottom Line:

These are just a few quick but important measures that can keep your WordPress website secure. As WordPress continues to evolve, so will the hackers and their attempts to penetrate your site and chuck you out. So always stay one step ahead of hackers. The few steps mentioned above will definitely help secure your WordPress website against hacking.

Do Not Let Malicious Hackers To Botch With WP Security

74,652,825 websites out of the one billion websites out there are hosted on WordPress.com. Among self-hosted sites, WordPress holds a considerable 18.9%. WordPress has grown to be one of the most incredible CMS platforms, covering 25 percent of the market, and has thus become quite popular. It is not that there are no worthy competitors in the CMS world, but none is such a precise and easy-to-use CMS platform, one that lets even greenhorns of web development carry out their work easily. However, for technical processes that need security, such as HTML to WordPress theme conversion, they might need the assistance of a professional company which can securely move their website to WordPress.


According to Matt Mullenweg, the CEO and founder of Automattic, the developers of WordPress, in a blog post: “The big opportunity is still the 57 percent of websites that don’t use any identifiable CMS yet, and that’s where I think there is still a ton of growth for us (and I’m also rooting for all the other open source CMSes).”

Crypto ransomware and other malicious software were in the news because they were used to hack a large number of WordPress websites, which was extremely shocking for users.

One of the most talked-about news items was that three major security firms reported that hackers had attacked a large number of websites and redirected their users, in a vile manner, to malicious websites so as to steal their credentials.

Black Markets

Now you might be wondering where these malicious websites host their code. They use the Nuclear exploit kit to host their malicious code, which one can purchase on the black markets of the Internet.

Users who do not have updated versions of plugins such as Microsoft Silverlight, Adobe Flash Player or Adobe Reader, or even of the browser, can fall into the trap of the Teslacrypt ransomware package. This encrypts your files, holds them hostage and demands a ransom for giving you the decryption key to restore them.

Jérôme Segura, Senior Security Researcher at Malwarebytes, reports that nowadays malicious users inject code that quietly redirects users to domains that apparently host ads. These ads are a distraction or fraudulent, as they are infused with code that redirects the users to the Nuclear Exploit Kit.

There are plenty of security plugins for WordPress websites, but here we have handpicked the top three plugins that will help you strengthen your WordPress security.

1. WordFence

When it comes to WordPress security, WordFence has gained credence among all the security plugins out there. One of its best qualities is that it keeps a check on malware infection.

Apart from that, it scans the complete file structure of the core of your WordPress website, and also the themes and plugins. It notifies you whenever it comes across an infection.

That is not all: it claims to make your website 50 times faster and more secure than regular WordPress. Now you might be wondering how it improves the speed of your website at such a considerable rate; the answer is that it makes use of a caching engine known as Falcon. You can get this plugin for free, but there are advanced features that make it a premium plugin as well. So this is something great for those who can afford it and want to make their security quite stringent.

Among its many benefits, this plugin secures your website against brute-force attacks, and two-factor authentication can be added through SMS.

It also gives you the leverage to block the traffic coming from any particular country.
Along with this, you can also leverage a firewall that blocks traffic which is not coming from a legitimate source, such as scanners and botnets.

It also has the ability to scan your self-hosted site for backdoors, including R57, C99, and several others.

It notifies you by email in case it detects any malicious activity.
It has the ability to scan your WP posts along with comments to find malicious code, and it also supports multiple websites. Plus, it gives you the benefit of checking the traffic in real time for any other suspicious threat to which your website is vulnerable.

2. All In One WP Security & Firewall

Prevention is certainly better than cure, and this is one of the WP plugins that checks all the vulnerable areas that can affect your WP website. This plugin comes with certain security recommendations which considerably reduce the security risks. It also gives you protection against brute-force attacks and locks out those visitors who try to barge into your website using brute force.

Along with this, you also get an email notification for those who get locked out when their login attempts fail. It also has the ability to find weak passwords and makes sure that users enter a strong one. That is not all, as it can also monitor the activity of user accounts and tracks the username, IP and even login date and time.

Using this plugin you can even schedule an automatic backup of your website and get an email notification. This plugin also protects PHP code, as it disables the file-editing area of the admin area.

Further, you get to add a web application firewall to your WP website, and it also enables the 5G Blacklist, which helps you safeguard your website against attacks. It does not let through the following: bad query strings, CSRF, XSS, malicious bots, SQL injection, and other security threats.

3. Sucuri Security

Sucuri Security is yet another plugin that helps WP website owners tighten their security. It is developed by Sucuri, one of the popular companies in WordPress security. This plugin offers great security features such as security activity auditing, file integrity monitoring, malware scanning, website firewall and blacklist monitoring.

That is not all, as it also covers the engines that can blacklist malicious activity, such as Norton, Google Safe Browsing, Sucuri Labs, McAfee Site Advisor and several others that can prove to be of great help. It further has the ability to notify users of any suspicious activity lingering around.

This plugin also has the ability to safeguard your website from several malicious attacks such as Zero Day Disclosure Patches, DoS attacks, brute-force attacks and several other attacks that undermine the integrity of websites. Further, it also maintains a log of all the activities performed by the user and uses the Sucuri cloud to store all the data.

This means that the login details of even the nefarious hackers who try to circumvent the security rules get recorded and saved in Sucuri’s security operation center. Those who think that their website needs extra security can purchase Sucuri’s premium services.

Seal your database manually

Plugins are not the only way to improve the security of your website; there are several manual methods you should use to protect your WP website. One of them is to seal your database. Hackers actively take advantage if they know the names of the database tables beforehand. One of the reasons they do is the default prefix ‘wp_’, which gives hackers food for thought.

The first thing to know is that the prefix is set in wp-config.php. Open the file and find this line:

$table_prefix = 'wp_';

Add some numbers or letters:

$table_prefix = 'wp_2a4_';

Afterwards you need to go to your database and rename the tables to match. Run a command like the following for each of the 11 tables:

RENAME TABLE `wp_commentmeta` TO `wp_2a4_commentmeta`;

You may also come across references to the old prefix that you need to clear. Run this query to list everything in the options table that still uses the old prefix:

SELECT * FROM `wp_2a4_options` WHERE `option_name` LIKE '%wp_%';

However, you need to make sure that you go through every single one and update it.

After that, take a look at the usermeta table, where the process is similar:

SELECT * FROM `wp_2a4_usermeta` WHERE `meta_key` LIKE '%wp_%';
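The whole prefix change as one sequence, as an added example that is not from the original article. It assumes MySQL or MariaDB, the new prefix wp_2a4_ used above and a default single-site install, and it goes a step further than the text by generating the RENAME statements from information_schema instead of typing one per table.

```sql
-- Added example. Assumes MySQL/MariaDB, old prefix wp_, new prefix wp_2a4_,
-- a backup taken beforehand, and the WordPress database selected with USE.

-- 1. Build one RENAME statement per table that still has the old prefix.
--    "\_" matches a literal underscore; a bare "_" in LIKE matches any
--    single character and would also pick up names such as "wpforms".
--    The NOT LIKE clause matters because the new prefix also starts "wp_".
SELECT CONCAT('RENAME TABLE `', table_name, '` TO `wp_2a4_',
              SUBSTRING(table_name, 4), '`;') AS rename_stmt
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND table_name LIKE 'wp\_%'
  AND table_name NOT LIKE 'wp\_2a4\_%';

-- 2. After running the generated statements, fix the rows whose key embeds
--    the prefix. Role definitions are stored as <prefix>user_roles.
UPDATE `wp_2a4_options`
SET option_name = 'wp_2a4_user_roles'
WHERE option_name = 'wp_user_roles';

--    Per-user capabilities and settings are stored as <prefix>capabilities,
--    <prefix>user_level and similar. List the candidates first: a key that
--    a plugin hard-codes with a literal "wp_" must keep its name.
SELECT DISTINCT meta_key FROM `wp_2a4_usermeta`
WHERE meta_key LIKE 'wp\_%' AND meta_key NOT LIKE 'wp\_2a4\_%';

UPDATE `wp_2a4_usermeta`
SET meta_key = CONCAT('wp_2a4_', SUBSTRING(meta_key, 4))
WHERE meta_key IN ('wp_capabilities', 'wp_user_level',
                   'wp_user-settings', 'wp_user-settings-time',
                   'wp_dashboard_quick_press_last_post_id');

-- 3. Verify: every administrator must now have a <new prefix>capabilities
--    row, otherwise the dashboard will refuse them after the change.
SELECT user_id, meta_value FROM `wp_2a4_usermeta`
WHERE meta_key = 'wp_2a4_capabilities';
```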

You can further restrict what the database user is allowed to do on your tables. Normal operation needs only the data read and write privileges: INSERT, SELECT, DELETE, and UPDATE. The database structure and administration privileges, such as ALTER, GRANT, and DROP, are the ones you can take away from that user.

However, this makes updating the core and installing new plugins a tricky business, as these need to make changes to the structure of the database. Those who choose this route need to be quite particular about their backups.
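One way to apply this split, shown as an added example rather than anything from the original article: a runtime account limited to the four data privileges, and a separate maintenance account that carries the structure privileges for core and plugin updates. The database name wp_site, the account names wp_app and wp_maint, and the passwords are hypothetical placeholders; the syntax is MySQL/MariaDB.

```sql
-- Added example; wp_site, wp_app, wp_maint and the passwords are placeholders.

-- Weak (common default): the web application can alter or drop its own schema.
-- GRANT ALL PRIVILEGES ON `wp_site`.* TO 'wp_app'@'localhost';

-- Hardened runtime account, the one named in wp-config.php (DB_USER):
-- data read and write only, no ALTER, DROP or GRANT OPTION.
CREATE USER 'wp_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON `wp_site`.* TO 'wp_app'@'localhost';

-- Maintenance account: put it in wp-config.php only while updating the core
-- or installing a plugin that changes the database structure, then switch
-- back to wp_app.
CREATE USER 'wp_maint'@'localhost' IDENTIFIED BY 'REPLACE_WITH_OTHER_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON `wp_site`.* TO 'wp_maint'@'localhost';

-- Check the result: the runtime account should list only the four
-- data privileges on wp_site.
SHOW GRANTS FOR 'wp_app'@'localhost';
```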