Software Security Tips

In this tutorial, we provide a number of software security tips to help tighten your WordPress security and overall web security.

This tutorial is part of our tutorial series on WordPress Security.

Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.



Below are some important tips and useful information for keeping your computer protected from malware attacks.

Don’t Run More Than One Security Program At The Same Time

Don’t run more than one antivirus program at the same time. Doing so can potentially cause conflicts that affect PC performance, and you will cancel out the protection afforded by these programs.

Keep Your Antivirus Definitions Updated

For the most part, your antivirus software can only protect your computer from known threats.

New malware and new viruses (i.e. unknown threats) are continually being developed and regularly unleashed on online users by hackers and malicious users.

Much like scientists working on developing medical vaccines, when antivirus companies discover, are notified of, or get hold of new harmful scripts and viruses, they work on quickly developing a way to protect your computer from being infected by these newly detected threats, and release the new protection methods as updated “definitions”.

Some companies release new definitions for their software on a weekly basis. It’s really important, therefore, to keep your antivirus software definitions regularly updated. Fortunately, most software programs let you set your computer to receive automatic antivirus definition updates.

If you have your computer turned off for a long time, make sure that one of the first things you do when you go back online is to update your definitions.

Configure Your Antivirus Settings To Perform Regular Full System Scans

Just as we recommend keeping your antivirus definitions updated, it’s also a good idea to perform full system scans of your computer on a regular basis, including email scans. Once again, most security software programs let you set up automated scans.

Only Download Software Programs From Trusted Sites

Downloading files and software from unsecured and untrustworthy sites is one of the main ways computers get infected with malware. Sites can be very appealing, and entice users with “free” downloads, such as games, videos, screensavers, ringtones, cheats, money-making “secrets”, and even free WordPress plugins and themes.

If in doubt about the trustworthiness of a website, look for the following signs:

  • The site displays a secure connection in your browser address bar. Look for a secure connection (e.g. ‘https://’ instead of ‘http://’) and a security symbol, like a padlock, etc. Secured sites should change from the http:// prefix to https:// or shttp:// when you are prompted to type in a user name and password. Note, however, that just because a site transmits data securely, it doesn’t mean it has a good reputation. See the other indicators below for additional signs to look for.
  • The site displays a trust certificate from a reliable organization (e.g. Better Business Bureau).
  • The site is the official website of a popular brand or name (e.g. eBay, Google, Amazon, etc).
  • Search for website reviews. Type in “name of site + review” (e.g. “ review”) into Google and go through some of the results to see what other users’ experiences with that site have been. Alternatively, type in “name of site + scam” (e.g. “ scam”) and see if anything comes back.
  • Look for suspicious activity. Be wary of sites that ask for personal information for no good reason. If you’re not buying anything, you don’t need to give any information away.
  • Links sent through email. Classic ‘phishing’ emails purport to come from well-known sites (e.g. ‘’) but when links are hovered over with the mouse, they show a completely different domain name as the destination address. Unless you know and trust the sender, be wary of phishing scams and try to avoid clicking on website links in emails as much as possible.
  • Sales letters that seem to be too good to be true. You know the old saying, “if it seems too good to be true …”

Install A Security Toolbar

Many antivirus and antispyware programs offer the option of installing a toolbar on your browser with security features as an additional line of defense …

Many security toolbars include features that block pop-ups, spam, and known phishing sites. Some can even detect potential consumer scams and warn you when you visit a suspicious site.

Can’t I Just Use A Firewall To Protect My Computer From Malware?

While we recommend using a firewall, the main purpose of a firewall is to stop other people from breaking into your system or computer network remotely. A firewall can’t stop malware from infecting your computer if you have allowed it to come in (e.g. by opening up a malicious attachment, or downloading infected files to your hard drive).

Why Not Just Use My ISP’s Antivirus?

Many Internet Service Providers (ISP) and free email providers offer some form of antivirus protection at the server level. While it’s great to have this added layer of protection, server-level antivirus programs can’t protect your computer from getting infected by malware downloaded from infected or malicious websites.

Create Separate User Accounts

It’s a good idea to create user accounts separate from the default administrator account, especially if you work from home and other members of your family access your computer. By keeping admin and user accounts separate, you only need to log in as the administrator when changes to the computer are required. This minimizes the frequency of accessing the admin account, which limits opportunities for hacking.

You may also want to create an individual user account for each member of your family who uses the computer. This will allow each person to keep his or her information private.

Don’t Share Files With People You Don’t Know

Sharing files can allow a hacker to look at information stored on your computer or plant a virus to infect your computer. Learn about the risks of file sharing, and learn how to disable file sharing on your operating system to prevent these risks. If a file sharing program is installed on your computer, be sure that it does not run automatically when you boot up your computer.

Delete Unused Software Programs

Programs that you no longer use are usually not updated and may not have the security patches that could stop a hacker from accessing your computer. Back them up to an external drive and then delete/uninstall these programs from your machine.

Read The Software License Agreement

Before installing any downloaded software, review the End-User License Agreement (EULA). This is the legal contract between a software application author or publisher and the user of that application. Many free downloads come with spyware and other programs that you would not want installed on your computer. By reading the software agreement carefully, you will be able to find out if the software you are installing comes with any “hidden” extras.

Don’t Use Unlicensed Software

Pirated software is illegal, and sites that distribute illegal software are often loaded with malware. Unlicensed software can also be susceptible to viruses and incompatible with updates and patches designed to fix vulnerabilities in the software. Some unlicensed software copies may even come with viruses pre-installed.

Don’t Install Unknown Devices Into Your Computer

If you find a USB drive that does not belong to you, do not plug it into your computer, as it may be a trap that preys on the curiosity of unsuspecting users and could deliberately contain viruses. Treat it like any lost public property and hand it over to an authority or to the police.

What To Do If All Else Fails

If you suspect that malware is affecting your computer, immediately stop any online activities that involve usernames, passwords, or other personal information. Scan your computer with antivirus software and delete anything that the program finds to be suspicious. If the problem is not resolved, call for professional technical help from a computer security services company, repair shop, or your computer manufacturer.

If despite all of your efforts to keep your computer secure, you end up discovering that your computer has become badly infected, you may end up having no choice but to perform a complete reinstall of your computer operating system and restore your data from a previous backup. This is why it’s so important to have a computer backup system in place before disaster strikes.

To learn more about creating a computer backup system, see the tutorial below:


Congratulations! Now you know how to protect your computer from malicious software and software-based security threats.

Review Software Security Tutorials …

Also …

  • User Security: Learn how to protect your assets from unauthorized users.
  • Password Security: Learn how to improve password security everywhere.
  • Browser Security: Learn how to keep your internet browser secure and browse safely online.



Software Security – How To Prevent Malware Attacks

In this tutorial, we look at ways to prevent malware attacks on your devices using Antispyware, Antivirus, and Firewall Software.

This tutorial is part of our tutorial series on WordPress Security.

Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.



If you plan to do anything online, then you must accept the fact that malware is not going to go away, and that new forms of malware are simply going to keep surfacing on a regular basis.

The two main ways of dealing with malware are:

  1. Stay informed and up-to-date
  2. Secure your computer against viruses, spyware, and malware.

Staying Up-To-Date

If you are interested in staying up-to-date with the latest malware threats, you can visit threat update pages from reputable security companies like the ones listed below:

Securing Your Computer

Making sure that your computer is free of spyware, malware, and virus infections is vitally important to your online security. There’s no point securing your WordPress site if a keylogger is installed on your computer and can send your password and login details to hackers.

Antispyware / AntiVirus Protection

Anti-spyware programs combat spyware by providing real-time protection, scanning, and removal of any spyware software found on your computer. Antivirus software performs a similar function, but it looks instead for viruses, worms, and trojans, mostly sent to you via email.


Tip: Make sure that any antispyware programs you install on your computer are authentic. Unfortunately, some programs marketed as free spyware detectors will actually install spyware on your computer. It’s best to stick with antispyware software from reputable and trusted manufacturers.

Below are some of the most widely-used and trusted computer protection software programs available to help keep your computer free of malware, spyware, viruses, etc…

Some of the programs listed below are available as a standalone software package, and others are available as part of an integrated security solution. Many security companies offer free or trial versions of their products.

Important Info

We recommend investing in a reliable commercial antispyware/antivirus program for maximum protection against malware and to prevent and eliminate spyware and viruses from infecting your computer system.

Microsoft Security Essentials

Microsoft Windows has a free security program called Microsoft Security Essentials that works in the background to protect your PC. It checks for updates automatically a few times a day and doesn’t slow your PC down while it works …

The program is easy to use and allows you to see if your computer is secure from threats using a very simple system – if the icon next to your computer clock is green, everything’s good; if it’s red, then something is wrong and needs immediate attention …

Clicking on the icon will then open up an alert window notifying you of the problem, and giving you options to fix the issue or potential threat …

Microsoft Security Essentials is available as a free download …

To download this software program, visit the site below:

Lavasoft’s Ad-Aware


Ad-Aware is one of the world’s most downloaded security software programs. It immediately detects malware before it harms your PC, scans your download files before they have a chance to inflict damage, and automatically protects your computer from the latest threats and the newest malware being distributed through bad URLs and malicious websites.

Ad-Aware is available in different versions (see below).

To learn more about the Ad-Aware software products, visit the sites below:

Spybot Search & Destroy

Spybot Search & Destroy is a free and constantly updated antispyware utility that targets adware, malicious code and other threats. Spybot isn’t a replacement for a full antivirus program, but it can detect and remove a multitude of adware files and modules from your computer and remove some other threats.

You can use the adware and malware scanner to regularly check your system. Spybot has been around for years, and so offers users plenty of resources like tutorials, FAQs, how-tos, forums, etc.

To learn more about the Spybot software product, visit the site below:



Malwarebytes Anti-Malware software uses industry-leading technology to detect and remove all traces of malware, including worms, Trojans, rootkits, rogues, dialers, spyware, and more. There is also a Malwarebytes Anti-Malware PRO version that provides constant protection and helps to automatically prevent malware from reinfecting your PC.

To learn more about Malwarebytes, visit the site below:



Avast is one of the most downloaded and highly recommended Antivirus programs available. It’s a complete security tool that protects you from all threats – Internet, email, local files, peer-to-peer (P2P) connections, instant messages, and more. Avast also has a “heuristics engine” that can detect previously unknown viruses and other malware.

To learn more about Avast security software, visit the site below:

Kaspersky Lab

Kaspersky Lab is one of the fastest growing security companies in the world and has a mission to provide the world’s most effective, responsive and efficient protection against cyber-threats for all online users. Free virus scans and free trials of security products are available from the Kaspersky site.

To learn more about Kaspersky security products, visit the site below:



Bitdefender provides a range of security software solutions that are easy to set up and configure. The Bitdefender Antivirus Free Edition program uses very little system resources, so it won’t slow down your computer. It also provides constant virus protection (also called on-access or resident protection) for free, which makes it a viable alternative to paid solutions from companies that charge for their software and for yearly access to updates (e.g. McAfee, Norton, etc…).

To learn more about Bitdefender security products, visit the site below:

Norton By Symantec

Symantec’s Norton range of software products provides comprehensive security protection for computers (and mobile devices). Norton products are available as standalone packages or as a ‘one-in-all’ security solution. For example, Norton 360 is easy to install and provides complete computer security by integrating antispyware, antivirus, and firewall protection …

To learn more about Symantec’s range of security products, visit the site below:

AVG Antivirus

AntiVirus Free from AVG provides a comprehensive antivirus and antispyware solution that also includes an email scanner, link scanner, scheduled scanning options, automatic updates, and more.

AVG is considered by many to be one of the best free antivirus programs available today. It is a set-and-forget software program that is frequently updated and includes many premium features.

To learn more about the AVG security software, visit the site below:



McAfee provides comprehensive protection for home and office computers, and cost-effective security solutions for businesses.

To learn more about McAfee security products, visit the site below:

Trend Micro


Trend Micro Antivirus software provides protection against malware attacks and offers accurate phishing and spam protection, plus a firewall booster that can block exploit attacks.

To learn more about Trend Micro, visit the site below:

Useful Information

If you are interested in comparing how different antivirus software programs perform, the AV-TEST Institute is a leading international and independent service provider in the fields of IT security and anti-virus research. They independently examine free and paid antivirus programs and rank them for protection, repair, and usability. …

As antivirus programs are regularly updated, AV-TEST updates the latest test results every few months.

To view detailed test reports for antivirus programs, visit the AV-TEST site below:

Firewall Protection

Firewalls are an important part of your overall online security strategy. A firewall analyzes traffic data (known as ‘packets’) before it is allowed into your computer and makes sure that it is not malware.

A firewall is like a security guard standing outside a busy nightclub. Its main job is to check everyone coming in while also keeping any undesirables out.

To learn more about using firewalls, see the relevant section in the tutorial below:

Below we have listed a number of software-based firewall programs you may want to look into for protecting your computer from external attacks. Most simple two-way firewalls ask you to allow or deny Internet access to unknown programs. Many automatically allow trustworthy apps and remember your decisions to become silent over time.

Windows Firewall

Microsoft Windows comes with a built-in firewall program. We recommend choosing an alternative firewall solution, however, as these tend to offer easier control of outbound protection and additional features.


If you plan to install a third-party firewall solution, make sure to disable the Microsoft Firewall first, as having two firewalls running simultaneously will create problems.

To do this, click on the ‘Start’ button (the Windows icon located on the bottom left-hand corner of your screen) …

Choose ‘Control Panel’ …

Click on ‘System and Security’ …

Click on ‘Windows Firewall’ (or ‘Check firewall status’) …

From the menu, select ‘Turn Windows Firewall on or off’ …

Here you can turn Windows Firewall on, or off (not recommended unless you are installing a third-party firewall program) …

Note: Some security programs will override your system’s default settings to prevent conflicts from happening. Depending on the security product you have installed, you should see a notification that your security settings are being managed or overridden by the program you have installed …

Norton By Symantec

We covered the Norton security products earlier. As well as antivirus protection, Norton products also provide a Firewall program.

To learn more about Symantec’s range of security products, visit the site below:



Comodo is a robust firewall software solution that consistently scores highly in security tests and security expert reviews.

Comodo includes a “memory firewall” (protects against buffer overflow attacks) and a “sandbox” component that limits unknown applications and new software installations from affecting your computer. If an unknown application attempts to enter your computer via the firewall, Comodo will deny the application and ask you what to do. Comodo’s firewall software application for Windows is available as a free download.

To learn more about Comodo Firewall, visit the site below:



ZoneAlarm is a simple and user-friendly firewall application. ZoneAlarm is currently installed on over 80 million computers and offers advanced firewall protection that monitors programs for suspicious behavior, spotting and stopping new attacks that bypass traditional anti-virus protection.

ZoneAlarm offers a free download of the software with certain conditions (e.g. individual and not-for-profit use).

To learn more about ZoneAlarm, visit the site below:



Private Firewall is a feature-packed firewall solution made available as unrestricted freeware. It provides a multi-layer security solution that includes behaviour blocking technology, standard firewall protection, virus, spyware, and malware protection, process and application security, registry protection and more.

Additionally, there are many configurable settings, allowing you to set different security levels for Internet access and computer network security (i.e. file and printer sharing) and configure different profiles (e.g. Home, Office, and Remote). Private Firewall is a very effective firewall program, but it is aimed primarily at slightly more advanced users.

To learn more about PrivateFirewall, visit the site below:


In addition to the products listed above, we recommend that you search online for user and technology reviews and do your own thorough research and due diligence before investing in a security software program.


As well as enabling firewalls on your computer and other devices in your network, you can also add a firewall to your WordPress site, using plugins.

You can search for Firewall plugins inside your WordPress dashboard (Plugins > Add New), or the WordPress Free Plugin Directory …

Search the WordPress Free Plugin Repository for firewall plugins below:

Next Step:

Now that we’ve looked at ways to prevent malware attacks on your devices, the next step is to review useful software security tips.

To review more software security tips, go here:

See Also …




Common Software Security Threats

Learn about common software security threats that can put your web security at risk.

This tutorial is part of our tutorial series on WordPress Security.

Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.



Below are some of the more common types of software security threats you need to try and prevent from attacking your computer or computer devices:

Computer Viruses

Viruses are designed to do damage in some form to you, your computer, and other people’s computers. They can damage certain files or data in your computer, or affect your hard drive and damage your device.

There are many ways that a computer can become infected by a virus. This can include downloading infected files directly, visiting sites that automatically download bad source code to your browser, or using external storage devices (e.g. USB memory sticks or portable hard drives) that contain infected files. Almost all computer viruses enter your system disguised in something else (e.g. an email attachment).

With the right kind of protection, most viruses can be stopped before they infect your computer.

Computer Worm

Computer worms cause harm to your computer by duplicating themselves in order to infect other computers. Worms attack computers by exploiting security weaknesses.

Worms are a separate class of computer virus. They do not attach themselves to existing source code like many computer viruses but are often standalone self-replicating scripts that can take over an application like your email client and begin distributing themselves to others, either to harm other computers or to disrupt their activities.


Unlike a computer virus, the main purpose of spyware is not to cause malicious damage, but to collect information, often without the user’s knowledge. This can be information about your browsing habits, or, in the case of ‘key loggers’, to record everything you do (i.e. every keystroke you make and everywhere you visit).

The use of spyware can be controversial, as some employers use spyware to monitor employees’ activities, and many online merchants, like Amazon, use cookies to track (i.e. spy on) customers’ buying habits.

Once installed on your computer, spyware can perform many activities, including:

  • Monitor your keystrokes for reporting purposes.
  • Scan files located on your hard drive.
  • Snoop through applications on your desktop.
  • Install other spyware programs into your computer.
  • Read your cookies.
  • Steal credit card numbers, passwords, and other personal information.
  • Change the default home page settings in your web browser.
  • Mutate into a second generation of spyware, making it more difficult to eradicate.
  • Cause your computer to run slower.
  • Display annoying pop-up advertisements, rewrite search engine results and alter the computer host file to direct the Domain Name System (DNS) to look up preselected sites.
  • Add advertising links to web pages for which the author does not get paid. Instead, payment is directed to the spyware programmer that changed the original affiliate’s settings.
  • Provide the user with no uninstall option, and install itself in unexpected or hidden places within your computer making it difficult to remove.

There are many different types of spyware, but generally what defines software as spyware is that it is installed on your computer without your consent, for the purpose of transmitting personal or confidential information about you to another party. This information may be reporting on your web-surfing habits, or it may have more sinister purposes, such as trying to sniff out your credit card or bank account details.


Adware is a milder form of spyware. It is often used to track online behavior for marketing purposes (e.g. to understand visitor buying preferences). There is a difference between cookies that you allow to be installed on your computer to remember your preferences (e.g. when you return to a site that you frequently visit or buy from), and adware, which is spyware.


A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.

The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool).

Rootkit installation can be automated, or an attacker can install it once they’ve obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, either by exploiting a known vulnerability, or gaining access to the password by cracking, privilege escalation, or social engineering. Once installed, a rootkit can hide the intrusion while maintaining privileged access. The key is the root/Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.

Rootkit removal can be complicated or practically impossible. Often, a complete reinstallation of the operating system may be the only available solution to the problem.

Key Loggers

Keystroke logging, often referred to as keylogging or Keyboard Capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored and that their privacy is being violated.

Key loggers can record not only your keystrokes, but they can also capture your instant messages, text messages, phone numbers, and even record your actions using your own webcam.

Trojan Horse

A Trojan horse, or Trojan, is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.

Brute Force Attack

A brute force attack is where a software script repeatedly and persistently tries to guess your login credentials.
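Because a brute force attack shows up as many login attempts from one client in a short time, it can be spotted in a web server access log. The following is an added example, not part of the original tutorial: the log lines are constructed, the function names are hypothetical, and it assumes the common Apache/Nginx "combined" log format and that a failed WordPress login answers a POST to wp-login.php with status 200 (verify this for your own site).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of one "combined" access log line: client, timestamp, request, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"'
    for s in range(1, 7)
] + [
    '198.51.100.20 - - [12/Mar/2024:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 4310 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "-"',
    '198.51.100.20 - - [12/Mar/2024:10:00:21 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]


def parse_login_attempts(lines):
    """Yield (ip, timestamp, status) for every POST to wp-login.php."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, int(m["status"])


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: time the threshold was reached} for noisy clients.

    A client is flagged once it has `threshold` failed logins inside a
    sliding `window`. Lines are assumed to be in time order per client.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for ip, ts, status in parse_login_attempts(lines):
        if status != 200:         # assumption: 200 on POST means the login failed
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()    # drop failures that fell out of the window
        if len(attempts) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} reached the failed-login threshold at {when:%H:%M:%S}")
```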


We have created a separate tutorial that explains how to prevent brute force attacks.

To learn more about preventing brute-force attacks, see the tutorial below:

Blended Threats

Blended threats are concentrated computer attacks that use a combination of malware such as a Trojan horse, worm, and spyware to try and penetrate a computer system’s defenses.

Buffer Overflow Attacks

A buffer overflow, or buffer overrun, happens when a program tries to write data to a buffer (a temporary storage location for data while the data is being transferred) and violates memory safety by overrunning the buffer’s boundary and overwriting adjacent memory.

Buffer overflows result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. This forms the basis of many software vulnerabilities that can be maliciously exploited.

This is also one of the reasons why it’s important to install WordPress software like plugins and themes only from trusted and reliable sources.

Cross Site Scripting (XSS)

This type of computer vulnerability is often created through a combination of poorly coded software and an unsecured website. XSS attacks allow hackers to add scripts to web pages that get downloaded by other online users and end up infecting their computers.

According to Symantec, cross-site scripting carried out on websites accounted for most security vulnerabilities. These vulnerabilities can range from petty nuisances to significant security risks.

Next Step:

Now that we’ve looked at some of the more common types of software security threats, the next step is to look at ways to prevent malware attacks on your devices.

To learn more about preventing malware attacks on your devices, see the tutorial below:

See Also …

