
How Secure Is Your WordPress Website?

Currently, WordPress powers approximately 17 percent of all websites. Its popularity makes it a prime target for malware because its scope provides the opportunity for substantial impact once a vulnerability is identified. Web malware has increased approximately 140 percent in the past two years, and it is not likely to go away any time soon. WordPress users can take multiple, simple measures to increase site security during initial setup.

Numerous WordPress users are under the misconception that the most difficult part of building a fully functional site is finding the right developers, and that no further action is needed. For the most part, this might have been true when the platform first gained prominence in 2007. Today, users need to take action against malware. To be frank, there is almost nothing worse for branding and PR than the impromptu discovery that a WordPress site has been sending advertisements for enlargement of various body parts.

What Attributes Make WordPress Sites Vulnerable?

WordPress sites are not inherently vulnerable. However, popularity combined with outdated plugins and themes can increase vulnerabilities, often from the time a site is created.

Outdated Versions of WordPress – One of the most prominent issues is outdated versions of WordPress. WordPress updates are intended to address various vulnerabilities on the CMS. However, core vulnerabilities are rarely an issue. Users can easily install security patches by updating WordPress sites instead of ignoring the message instructing them to do so. After all, WordPress has no incentive to prompt users to update sites for kicks. Users with limited knowledge about web design and maintenance are not the only ones who ignore the messages. In fact, a high-profile hack was recently reported on the Reuters website, which was running an outdated version of WordPress.


Outdated or Malicious Themes and Widgets – WordPress recently found that approximately 80 percent of free themes contained base64 encoding, which can be used for malicious purposes. Free themes and widgets offered by WordPress itself are as safe as possible. After all, WordPress does not want to jeopardize the safety and integrity of sites hosted on the CMS. Additionally, WordPress currently has over 20,000 plugins of varying quality. Some are outdated, and others contain specific vulnerabilities in their code. Third-party sites offering WordPress themes and plugins are typically risky.

Popularity and Ease of Access – Approximately 700 million websites used WordPress in May of 2014. Once a hacker finds a vulnerability on one WordPress site, he or she can scan other sites for the same vulnerability. The opportunity to launch a large-scale attack with minimal effort is attractive. Attacks on WordPress sites can be surprisingly rudimentary. In early 2013, numerous brute-force attacks used the username “admin” combined with some of the most popular passwords in an attempt to gain access to servers, and the hackers were surprisingly successful at gaining admin access to numerous sites.

In short, a variety of simple factors make WordPress sites vulnerable. It is virtually impossible to diminish the CMS’s popularity. However, end users can take numerous steps to build secure WordPress sites.

Five Easy Ways to Boost WordPress Site Security

It is important to start with basic best practices. Hire a developer from a reputable firm rather than a cheap freelance developer, and remain cognizant of small details that end users typically overlook.


1. Find a Reliable Web Hosting Provider

Hosting vulnerabilities account for a large percentage of hacked WordPress sites. Select a web hosting provider with a good reputation and a good track record. Pay a little extra for a reliable hosting solution instead of immediately selecting the cheapest or most convenient option.

2. Use Strong Passwords and Change Them as Needed

Approximately 8 percent of hacked WordPress sites were hacked in part due to weak passwords. Make passwords hard to guess, and use special characters. Additionally, end users should change passwords as necessary. It is recommended that users change passwords after a new developer works on the site or after an employee with access to the site terminates his or her relationship with the company the site is associated with. It is also strongly recommended that different passwords are used for a WordPress site and the email address associated with it. Password creation and management might seem simple, but best practices are easily overlooked.

3. Use a Unique Username and Hide It in the Author Archive URL

Use a unique username that is not as obvious as “guest” or “admin.” “Admin” was the standard username for WordPress sites until version 3.0 was launched, and many users have kept the username “admin.” Change it by creating a new administrator account and subsequently deleting the original “admin” account. Additionally, hide the username in the URL bar. By default, WordPress builds the author archive URL (/author/username/) from the user_nicename column, which is set to the login name when the account is created, so hackers can read real usernames straight from author archive links. Change the user_nicename entry in the wp_users table to a different slug to hide the real username.


4. Limit Login Attempts

Limit login attempts to discourage brute-force attacks. It is not a surefire way to stop attacks, especially when hackers have access to thousands of IP addresses and can spread their guesses across them. However, it is a simple measure that can potentially help.
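The following is an added example, not code from the original article, showing what “limiting login attempts” looks like from the defender’s side: it reads web server access log lines, counts failed logins to wp-login.php per source IP inside a sliding time window, and flags an IP once it crosses the limit. Because the article notes that attackers with thousands of IP addresses can sidestep per-IP limits, the example also raises a separate “distributed” flag when failures arrive from many distinct IPs in the same window. The sample log lines are constructed for this example (documentation address ranges, not real traffic), and the rule that a failed WordPress login answers a POST to wp-login.php with HTTP 200 while a successful one redirects with 302 is used here as a heuristic assumption.

```python
"""Added example: detect brute-force logins against wp-login.php from access logs."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" log format. Neither the
# addresses (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges)
# nor the requests are real.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2811 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:01:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.21 - - [12/Apr/2013:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "-"
203.0.113.22 - - [12/Apr/2013:10:02:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "-"
203.0.113.23 - - [12/Apr/2013:10:02:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "-"
203.0.113.24 - - [12/Apr/2013:10:02:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3457 "-" "-"
"""

# Minimal parser for the combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


class LoginThrottle:
    """Per-IP sliding window: an IP is blocked once it has max_attempts failures inside window."""

    def __init__(self, max_attempts=5, window=timedelta(minutes=10)):
        self.max_attempts = max_attempts
        self.window = window
        self._failures = defaultdict(deque)

    def record_failure(self, ip, when):
        """Record one failed login; return True if the IP should now be blocked."""
        q = self._failures[ip]
        q.append(when)
        while q and when - q[0] > self.window:   # drop failures that aged out of the window
            q.popleft()
        return len(q) >= self.max_attempts

    def record_success(self, ip):
        """A successful login clears the IP's failure history."""
        self._failures.pop(ip, None)


def analyze(log_text, max_attempts=5, distributed_threshold=5, window_minutes=10):
    """Run the throttle over access log text and summarize what a defender would act on."""
    window = timedelta(minutes=window_minutes)
    throttle = LoginThrottle(max_attempts=max_attempts, window=window)
    failures = Counter()   # raw failed-login count per IP
    blocked = set()        # IPs that crossed the per-IP limit
    recent = deque()       # (timestamp, ip) of every failure still inside the global window
    distributed = False    # many distinct IPs failing at once: per-IP limits alone will not help
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when, method, path, status = parsed
        # Only POSTs to wp-login.php are login attempts; GET just renders the form.
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        if status == 302:                 # heuristic: redirect after POST = successful login
            throttle.record_success(ip)
            continue
        if status != 200:                 # heuristic: 200 after POST = form re-shown with an error
            continue
        failures[ip] += 1
        if throttle.record_failure(ip, when):
            blocked.add(ip)
        recent.append((when, ip))
        while recent and when - recent[0][0] > window:
            recent.popleft()
        if len({i for _, i in recent}) >= distributed_threshold:
            distributed = True
    return {"failures": failures, "blocked": blocked, "distributed": distributed}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, n in result["failures"].most_common():
        print(f"{ip:<14} failed logins: {n}{'  [BLOCKED]' if ip in result['blocked'] else ''}")
    print("distributed attack pattern:", result["distributed"])
```

Run against the constructed sample, the single noisy address is blocked after its fifth failure while the legitimate user who mistyped once and then logged in is left alone; the distributed flag still fires because six different addresses failed inside the same ten-minute window, which is exactly the case the article warns a per-IP limit cannot catch on its own.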

5. Disable File Editing From the Dashboard

Add the following line to the wp-config.php file to disallow file editing directly from the dashboard. Typically, hackers want to find sites that are easy targets. Change the default WordPress setting by adding this single line:

define( 'DISALLOW_FILE_EDIT', true );

This method is not a failsafe, and it is highly recommended that all users keep regular backups of their WordPress sites. The importance of backups and redundancies cannot be stressed enough. A variety of security plugins can deter certain types of attacks, but an attack can still happen. Additionally, WordPress plugins that schedule automatic archival and backup are available.

The Biggest Source of Vulnerability Is Often the End User

It is alarmingly easy to overlook the obvious. Copycat sites imitating WordPress.org and deals that seem too good to be true are easy to find. Invest in WordPress site security by investing in optimal setup and security maintenance. Often, seemingly small or irrelevant vulnerabilities combine to form a WordPress website that has substantial security problems. Take the time to change passwords, back up site data, and install updates. It will almost certainly be more cost-effective than embarking on impromptu damage control initiatives.

Sources:

http://www.woothemes.com/2013/09/improve-your-wordpress-security-with-these-10-tips/

http://www.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/

http://techcrunch.com/2013/04/12/hackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access/

http://itpixie.com/2012/10/hide-your-wordpress-login-from-author-archive/#.U7QNiZy_gbI

Top image ©GL Stock Images


1 Comment

  • Jamie says:

    About a year ago my WordPress site was hacked because I was dumb enough not to change the default password. I didn’t think my site was important enough for anyone to go after me personally. Then I realized that hacking doesn’t always work that way. A hacking team was able to take down a whole mass of sites at once through this method, so I really can’t stress the importance of a strong password enough. And stay away from the “it won’t happen to me” mentality, because it very well might.
