Website Security Audit 7 Steps to a More Secure WordPress Website

Sooner or later, most websites run into some kind of security issue. A user may have left their account information somewhere they shouldn’t have, an attacker might be targeting your site, or a plugin could have opened up a security breach. No matter what the specific problem might be, a website security audit is the best way to spot these types of issues before they can cause significant damage.A full security audit can take some time to complete since it usually involves several steps. For example, youll want to make sure that WordPress and all of its components are up to date, and your backup system is working as it should. However, this time investment can pay off significantly in the long run, protecting both you and your sites visitors.In this article, we’re going to go over seven critical steps for conducting a comprehensive security audit of your website.We have a lot of ground to cover, so let’s get right to it! A lot of people don’t pay too much attention to website security until it directly affects them. To put it another way, if there’s a security breach on your site, then you know you already dropped the ball at some point before that happened.The point of a full website security audit is that it enables you to review your policies and strengthen them, so you can lessen the chance of any issues down the road. By carrying out these audits periodically, it’s less likely that you’ll miss any glaring security issues, which should help ensure that your users’ data is well protected.Its a good idea to do this at least once a year, although you may want to increase the frequency if your site is large or contains particularly sensitive information (such as payment details).How to conduct a website security audit (in seven steps)A thorough security audit should involve several steps since youll be evaluating your site from top to bottom. Let’s go through the most important tasks in order.1. Che ck for any WordPress core, plugin, theme, or PHP updatesOutdated software is one of the leading causes of website security issues. The more obsolete a piece of software becomes, the more likely it is that attackers will be able to find vulnerabilities and exploits they can use to get into your website and cause severe damage.That’s why WordPress is so insistent about prompting you to use its latest version and to update any plugins and themes installed on your website. The longer you wait to update your site’s components, the more at risk you are.That also applies to your servers PHP version, which is the language WordPress is built on top of. Recent versions of PHP are more secure and faster, so it’s worth updating to the latest builds whenever possible.2. Manage your backups and back-up toolsAside from updating your website’s components, the most important thing you can do to ensure its safety is to back up its data often. That means creating full backu ps of all your files and your site’s database and keeping copies in multiple locations.For an optimal setup, we recommend using a hosting provider that backs up your website often. On top of that, you should also set up an independent backup solution of your own. If you’re looking for a great backup plugin, we recommend UpdraftPlus: UpdraftPlus WordPress Backup Plugin Author(s): UpdraftPlus.Com, DavidAndersonCurrent Version: 1.16.17Last Updated: September 12, 2019updraftplus.1.16.17.zip 96%Ratings 29,914,741Downloads WP 3.2+Requires With UpdraftPlus, you can create manual backups at will and automate the process. That way, you’re free to focus on other things.3. Assess your usernames, passwords, and database nameMost people are terrible at  choosing safe credentials. In the worst-case scenario, you’ll reuse the same username and password across multiple accounts. That means if there’s a single data breach, it will compromise all of them.F irst, if you’re using a default username such as admin for your WordPress account, you’ll want to change that right away. Likewise, make sure to set up a long, secure password:Ideally, you’ll use a password manager such as Keeper or Dashlane to help you generate unique, secure passwords and keep track of them. You should also insist that your collaborators do the same, and if possible, enforce secure passwords for your regular users as well.Likewise, using the default prefix for your WordPress database can make it easier for users to identify and attempt to gain access to it. So go ahead and change it from  wp_  to something thats not so easy to guess.4. Remove unused plugins, themes, and files from your serverMost of us install more plugins and themes than we ever end up using. Likewise, when we’re done with a plugin, we often forget to uninstall it. The problem is that sometimes those old plugin and theme files can open up security vulnerabilities o n your site, even if they’re deactivated.This step is pretty simple – take a look at your Themes and Plugins tabs, and consider which ones you really need. If there are any that you’ve had deactivated for a while, then go ahead and get rid of them:Once you uninstall those themes and plugins, you might want to make sure they didn’t leave any files behind.5. Evaluate your brute force attack prevention methodsYour WordPress login page is the first line of defense against attacks, so it’s essential that you make sure it’s secure against brute force attempts. There are several ways you can do that, including:Implementing Two-Factor Authentication (2FA)Limiting the number of login attempts from a single IP within a set period of timeWhitelisting which IPs have access to the dashboardChanging the default WordPress login URLThis can involve quite a bit of work. However, you only need to implement each of those security measures once, and then you ca n forget about them until your next security audit.6. Log out or remove inactive usersIf you’re anything like us, you may avoid logging out of many websites, so you don’t have to go through the hassle of entering your credentials the next time you visit. However, that inconvenience is a small price to pay to ensure that if you lose your device, no one else can use your accounts.The easiest way to prevent that situation from happening is to configure WordPress to log out idle users automatically after a set amount of time. That way, no one can use their accounts to try and access your site. You can set this up with the free Inactive Logout plugin: Inactive Logout Author(s): Deepen BajracharyaCurrent Version: 1.9.2Last Updated: September 25, 2019inactive-logout.1.9.2.zip 96%Ratings 56,586Downloads 4.6.0Requires 7. Find and eliminate vulnerabilitiesLast but not least, there are a lot of useful tools you can use to scan your website and look for (and even patch) vul nerabilities. We’re talking, of course, about WordPress security plugins.Using a WordPress security plugin can help you protect your website, by enabling you to run regular scans for vulnerabilities and infected files.There are lots of options to pick from, but if you want a quick recommendation, you can’t go wrong with Sucuri. It offers a ton of options while remaining very user-friendly: Sucuri Security Auditing, Malware Scanner and Security Hardening Author(s): Sucuri Inc.Current Version: 1.8.21Last Updated: May 9, 2019sucuri-scanner.1.8.21.zip 88%Ratings 5,232,030Downloads WP 3.6+Requires Wordfence is another good option you can see the differences between Wordfence and Sucuri here.On top of security tools, we also recommend that you set up a WordPress activity log plugin. WP Security Audit Log, for example, helps you keep track of every little thing that happens on your website. That includes user logins, changes to your pages, file modifications, and mo re: WP Security Audit Log Author(s): WP White SecurityCurrent Version: 3.5Last Updated: September 23, 2019wp-security-audit-log.3.5.zip 94%Ratings 1,633,644Downloads WP 3.6+Requires Combine security and audit log plugins with all the measures we covered above, and your website should be as secure as a military base.ConclusionSmart website security practices tend to focus on prevention. By making sure you’re on top of key tasks, you can prevent most security issues from affecting your website down the road.For example, just making sure your backup system works can save you a lot of headaches if you ever face a security breach or if your site malfunctions.There are a lot of steps involved in a thorough security audit. However, some of the most important processes involve updating all of your site’s components, ensuring that your login page is well-protected, and enforcing strong password practices.For the cost of a few hours of effort, you can protect your websit e and its users much more effectively.Do you have any questions about how to conduct a full security audit of your website? Let’s talk about them in the comments section below! Spend some time auditing your #WordPress site's #security by following these 7 steps 🔒

Magnesium Facts (Mg or Atomic Number 12)

Magnesium Facts (Mg or Atomic Number 12) Magnesium is an element that is essential for human nutrition. This alkaline earth metal has atomic number 12 and element symbol Mg. The pure element is a silver-colored metal, but it tarnishes in air to give it a dull appearance. Crystals of pure magnesium metal. Lester V. Bergman / Getty Images Magnesium  Basic Facts Atomic Number: 12 Symbol: Mg Atomic Weight: 24.305 Discovery: Recognized as an element by Black 1775; Isolated by Sir Humphrey Davy 1808 (England). Magnesium first came into use as magnesium sulfate or Epsom salt. The story goes that in 1618 a farmer in Epsom, England could not get his cattle to drink from a well with bitter-tasting water, yet the water seemed to heal skin conditions. The substance in the water (magnesium sulfate) came to be known as Epsom salts. Electron Configuration: [Ne] 3s2 Word Origin: Magnesia, a district in Thessaly, Greece (Davy initially suggested the name magnium.) Properties: Magnesium has a melting point of 648.8 °C, boiling point of 1090 °C, specific gravity of 1.738 (20 °C), and valence of 2. Magnesium metal is light (one-third lighter than aluminum), silvery-white, and relatively tough. The metal tarnishes slightly in air. Finely divided magnesium ignites upon heating in air, burning with a bright white flame. Uses: Magnesium is used in pyrotechnic and incendiary devices. It is alloyed with other metals to make them lighter and more easily welded, with applications in the aerospace industry. Magnesium is added to many propellents. It is used as a reducing agent in the preparation of uranium and other metals that are purified from their salts. Magnesite is used in refactories. Magnesium hydroxide (milk of magnesia), sulfate (Epsom salts), chloride, and citrate are used in medicine. Organic magnesium compounds have many uses. Magnesium is essential for plant and animal nutrition. Chlorophyll is a magnesium-centered porphyrin. Biological Role: All known living cells require magnesium for nucleic acid chemistry. In humans, over 300 enzymes use magnesium as a catalyst. Foods rich in magnesium include nuts, cereals, cocoa beans, green leafy vegetables, and some spices. The average adult human body contains 22 to 26 grams of magnesium, mostly in the skeleton and skeletal muscles. Magnesium deficiency (hypomagnesemia) is common and occurs in 2.5 to 15% of the population. Causes include low calcium consumption, antacid therapy, and loss from the kidneys or gastrointestinal tract. Chronic magnesium deficiency is associated with hypertension, type 2 diabetes, and metabolic syndrom. Sources: Magnesium is the 8th most abundant element in the earths crust. While it is not found free it nature, it is available in minerals including magnesite and dolomite. The metal may be obtained by electrolysis of fused magnesium chloride derived from brines and seawater. Atomic Weight: 24.305 Element Classification: Alkaline Earth Metal Isotopes: Magnesium has 21 known isotopes ranging from Mg-20 to Mg-40. Magnesium has 3 stable isotopes: Mg-24, Mg-25 and Mg-26. Magnesium Physical Data Density (g/cc): 1.738 Appearance: lightweight, malleable, silvery-white metal Atomic Radius (pm): 160 Atomic Volume (cc/mol): 14.0 Covalent Radius (pm): 136 Ionic Radius: 66 (2e) Specific Heat (20 °C J/g mol): 1.025 Fusion Heat (kJ/mol): 9.20 Evaporation Heat (kJ/mol): 131.8 Debye Temperature (K): 318.00 Pauling Negativity Number: 1.31 First Ionizing Energy (kJ/mol): 737.3 Oxidation States: 2 Lattice Structure: Hexagonal Lattice Constant (Ã…): 3.210 Lattice C/A Ratio: 1.624 CAS Registry Number: 7439-95-4 Magnesium Trivia: Magnesium was originally named magnium by Humphrey Davy after isolating the element from magnesia, known now as magnesium oxide.The 1915 Nobel Prize in Chemistry was awarded to Richard Willsttter for his work with the chlorophyll and identifying magnesium was the central atom in its structure.Epsom salt is a magnesium compound, magnesium sulfate (MgSO4).Magnesium is the 10th most abundant element in the human body.Magnesium will burn in pure nitrogen gas and pure carbon dioxide gas.Magnesium is the fifth most common element found in seawater. Sources Emsley, John (2011).  Natures building blocks: An A-Z Guide to the Elements. Oxford University Press. ISBN 978-0-19-960563-7.Greenwood, Norman N.; Earnshaw, Alan (1997).  Chemistry of the Elements  (2nd ed.). Butterworth-Heinemann. ISBN 978-0-08-037941-8.Hammond, C. R. (2004). The Elements, in  Handbook of Chemistry and Physics  (81st ed.). CRC press. ISBN 978-0-8493-0485-9.Rumble, John R., ed. (2018). CRC Handbook of Chemistry and Physics (99th ed.). Boca Raton, FL: CRC Press. ISBN 978-1-1385-6163-2.Weast, Robert (1984).  CRC, Handbook of Chemistry and Physics. Boca Raton, Florida: Chemical Rubber Company Publishing. ISBN 0-8493-0464-4. Return to the Periodic Table