In my first post I discuss some security vulnerabilities caused by not keeping WordPress up-to-date. Next I talk about our Website Care service.
WordPress powers over 31% of all websites and is one of the most popular frameworks for creating them. In the past I thought it was an insecure platform because it was hacked often. However in hindsight the fault is probably with the administrative user(s) rather than its developers and security team.
The latest stable version, 4.9, was released on November 16, 2017. Have you upgraded WordPress within the last year? Do you follow good security practices?
As a result of not keeping WordPress (core, plugins, and themes) up-to-date your website can become compromised.
A common exploit is a Pharma Hack. It uses weaknesses in outdated code to display pharmaceutical ads. If this happens, a search engine may think your website distributes spam and block it.
Another vulnerability is the backdoor. This affects websites by bypassing security to gain access through a backdoor. In a 2017 report by Sucuri it was reported that 71% of infected websites were compromised through this exploit.
Brute-Force Login Attempts
Finally one simple way to secure WordPress is to prevent brute-force logins. Brute-force logins occur when automated scripts gain access through trying easily guessable passwords with the username, admin. So reconsider using easy to guess passwords. SplashData published a list of common passwords stolen in 2017 that included the following:
So consider not making it easy for someone to break into your website and create strong passwords with tools like Strong Password Generator or GRC | Ultra High Security Password Generator. On your desktop, use software like KeePass (highly recommended) to store your passwords.
Also remove the admin user and create a new administrative user with an username that is difficult rather than easy to guess. This can secure your website and keep it from being one of the 30, 000+ websites compromised daily by brute-force attacks!