Security is the number one concern for WordPress professionals.
Your site going down is the least of your problems; malware injection attacks can ruin your website performance and ranking in a number of creative ways. You usually don’t find out about it until your website gets blacklisted by Google, and the damage has been done by then.
And the worst part?
All the security articles out there keep recycling the same bits of advice that are about as efficient as putting a band-aid over a stab wound.
Pictured: 10 steps to secure your WordPress website
So what can be done? Tony Perez from Sucuri summed it up well in a WordCamp Europe 2014 talk – it’s about awareness and posture. Be vigilant.
Anticipate that your website will be compromised, and have a plan ready.
The ManageWP security check has been one of the most commonly used ManageWP tools. Regular checks are the easiest way to catch a suspicious line of code on your websites and find out about the problem before it escalates.
This is the reason why we decided it’s the first thing to be completed on the Orion road map.
Orion Security Check
The security check scans the pages on your website and compares the code against the known malware knowledge base. It also performs a blacklist check with a number of services, like Google Safe Browsing, Norton Safe Web, ESET, etc. It also flags certain site errors and outdated software.
Green is clean, as my hippie parents used to say
If the check comes back positive, a more detailed report will be generated. If it’s malware, you’ll get a more detailed description, as well as the list of affected files. It’s important to note that ManageWP does not clean malware for you, at least not directly. You can use ManageWP backups to roll back to a clean version of your website; you can also try cleaning the malware yourself, or hire a professional to do this for you.
Red is bad, as my survivalist grandpa used to say
How does the Orion security check differ from the classic ManageWP check?
History. Each scan result is now being stored in the archive. It allows you to look back into the past, investigate each security threat and discern a pattern if needed.
In the next few days the security checks will be implemented into Orion client reports, and you’ll be able to send them to your clients.
(Update: as of January 15 the client report integration is available to all Orion users)
Our core philosophy is to automate as much of your workload as possible and let you focus on things that matter. That’s why we’ll back once the current roadmap is complete and create a fully automated security check. It’ll be just like with the backups and plugin updates; as soon as you log into your ManageWP dashboard, you’ll get a summary of all the security checks, with special attention on potential threats to your business.
Do you have any suggestions on how to further improve the security check? We already have plans for a security module down the line, is there anything else we could do to make your life easier?
Let us know in the comments below!