Why You Should Keep Your WordPress Up-to-Date

WordPress powers over 31% of all websites and is one of the most popular frameworks for creating them. In the past I thought it was an insecure platform because it was hacked often. However, in hindsight the fault is more likely with the administrative user(s) rather than its developers and security team.

The latest stable version, 4.9, was released on November 16, 2017. Have you upgraded WordPress within the last year? Do you follow good security practices?

Security Vulnerabilities

If you do not keep WordPress (core, plugins, and themes) up-to-date, your website can become compromised.

Pharma Hacks

A common exploit is a Pharma Hack. It uses weaknesses in outdated code to display pharmaceutical ads. If this happens, a search engine may think your website distributes spam and block it.

Backdoor

Another vulnerability is the backdoor. A backdoor bypasses the site's normal security controls so that an attacker can gain access to the website. A 2017 report by Sucuri stated that 71% of infected websites were compromised through this exploit.

Brute-Force Login Attempts

Finally, one simple way to secure WordPress is to prevent brute-force logins. Brute-force logins occur when automated scripts gain access by trying easily guessable passwords with the username admin. So reconsider using easy-to-guess passwords. SplashData published a list of common passwords stolen in 2017 that included the following:

  • 12345
  • 123456
  • 1234567
  • 12345678
  • 123456789
  • Password
  • letmein
  • qwerty

So do not make it easy for someone to break into your website: create strong passwords with tools like Strong Password Generator or GRC | Ultra High Security Password Generator. On your desktop, use software like KeePass (highly recommended) to store your passwords.

Also remove the admin user and create a new administrative user with a username that is difficult to guess. This can secure your website and keep it from being one of the 30,000+ websites compromised daily by brute-force attacks!

We offer a service that can provide you with peace of mind. Our most basic Website Care Plan provides:

  • 24/7 security and up-time monitoring of your website
  • Weekly backups
  • 20 minutes of basic support
  • Software upgrades (includes WordPress core, free and premium plugins and themes)

Upgrading WordPress can be a daunting task, as there have been eight releases since January 1, 2018! However, don’t fret: if you sign up for a Website Care Plan (starting at $49/month), you can rest because our team keeps abreast of new releases and makes upgrades as needed.

With Website Care there is no long-term contract and you can cancel at any time. If you want to learn more about Website Care and the free hosting that comes with it, contact us today.

We look forward to giving your website the special care and attention that it deserves!
