Why You Should Keep Your WordPress Up-to-Date

In my first post I discuss some security vulnerabilities caused by not keeping WordPress up-to-date.  Next I talk about our Website Care service.

WordPress

WordPress powers over 31% of all websites and is one of the most popular frameworks for creating them.  In the past I thought it was an insecure platform because it was hacked often.  However in hindsight the fault is probably with the administrative user(s) rather than its developers and security team.

The latest stable version, 4.9, was released on November 16, 2017. Have you upgraded WordPress within the last year? Do you follow good security practices?

Security Vulnerabilities

As a result of not keeping WordPress (core, plugins, and themes) up-to-date your website can become compromised.

Pharma Hacks

 A common exploit is a Pharma Hack. It uses weaknesses in outdated code to display pharmaceutical ads.  If this happens, a search engine may think your website distributes spam and block it.

Backdoor

Another vulnerability is the backdoor.  This affects websites by bypassing security to gain access through a backdoor. In a 2017 report by Sucuri it was reported that 71% of infected websites were compromised through this exploit.

Brute-Force Login Attempts

Finally one simple way to secure WordPress is to prevent brute-force logins.  Brute-force logins occur when automated scripts gain access through trying easily guessable passwords with the username, admin.  So reconsider using easy to guess passwords.  SplashData published a list of common passwords stolen in 2017 that included the following:

  • 12345

  • 123456

  • 1234567

  • 12345678

  • 123456789

  • Password

  • letmein

  • qwerty

So consider not making it easy for someone to break into your website and create strong passwords with tools like Strong Password Generator or GRC | Ultra High Security Password Generator.  On your desktop, use software like KeePass (highly recommended) to store your passwords.

Also remove the admin user and create a new administrative user with an username that is difficult rather than easy to guess.  This can secure your website and keep it from being one of the 30, 000+ websites compromised daily by brute-force attacks!

About Obiora Embry

Obiora Embry is a multi-talented individual who is not only a Web developer, but also an engineer-in-training, born again artist, writer, author, consultant, food grower, and more. As a developer he enjoys writing code a user experiences but never sees, analyzing data, troubleshooting and solving problems, and more.

Leave a Comment

You must be logged in to post a comment.