A recent article reported that WordPress.com is moving to enable HTTPS by default on all of its 600,000 hosted sites. This is a huge security win for WordPress.com users and the Internet at large. It sets a high security bar for other entities to strive for, and of course helps protect users and visitors from prying eyes.
If you’re a WordPress.com user, one way to take advantage of WordPress.com’s exemplary efforts is to go further and enhance the security of your WP.com site with protection services.
The first and probably most fundamental upgrade to your site’s security is to implement a web application firewall, or WAF. With a simple DNS change and SSL cert approval, SiteLock TrueShield WAF protects sites, WordPress.com or otherwise, from malicious traffic, suspicious bots, scrapers and spam comments. The PCI-compliant TrueShield WAF supports SSL and Extended Validation SSL. Service packages depend upon protection capabilities desired.
The next upgrade to WordPress.com security is a malware scan. The SiteLock Website Scan crawls sites looking for malicious code and links and immediately alerts the site owner if any are found. The Malware Scan runs daily to find malware early and keeps sites off of blacklists, and results can be viewed in the SiteLock Dashboard or downloaded as CSV for analysis and remediation.
Speaking of blacklists, the final security upgrade is a spam scan. The SiteLock Spam Scan monitors all industry-leading search engine and spam blacklists for the customer’s domain and, again, immediately alerts the customer to any adverse reports. This allows the quickest way to remediation if the worst happens, reducing, if not eliminating, customer interaction with the dreaded ‘reported attack site’ screen.
With WordPress.com’s commitment to web security, and SiteLock’s 24/7/365 security services, effective web and WordPress security is attainable for every WordPress.com user.