22% of websites around the world use WordPress. That’s over 75 million websites!
As the most popular website content management system in the world, WordPress has become a big target for hackers.
Many hackers target WordPress websites which do not take security under serious consideration. When creating a website, many business owners & marketers are more concerned with the design and content of the website. As a result, the security aspect is ignored.
This does not mean that using WordPress is not safe. No online system is 100% secure. What the above means is that website security must be given its due attention.
There are many reasons why hackers do what they do. Although hobbyist hackers may do it for fun, professional hackers can earn a lot of money by hacking websites. When a website is hacked, the hacker can manipulate content, send website visitors to a different website instead, add links to dangerous websites which may include viruses, and so on.
The first step to being protected is analysing your security situation and being aware of any vulnerabilities your system has. Here are three common issues in WordPress websites:
Using WP-admin to log-in
In order to log-into many WordPress websites, one normally adds /wp-admin or /wp-login to the end of the domain name. So it would look something like this: http://www.example.com/wp-admin. The log-in page loads up and one enters one username & password.
What a hacker might do is use a software program to automatically target the wp-admin page and automatically start trying different username & password combinations.
Solution: change the page to login from wp-admin or wp-login to a unique one such as www.example.com/tieqa.
WordPress is a system that is continuously being improved with new features and better security. A WordPress website also uses themes & plugins that contribute to the website’s design and functions. All these must be updated regularly.
The updates often fix security vulnerabilities, the details of which are often available online for all hackers to see.
At the time of writing, the latest WordPress version is 4.0, yet the majority of websites still use an earlier version.
Solution: make sure your WordPress website uses version 4.0, and has all the themes & plugins updated. Before updating take a backup just in case.
A common headache for many website owners is the amount of comment spam they receive on their blogs. Often these spammy comments include many links to other websites.
The danger here is that when clicking to some of these websites, your computer might become infected with a virus. Or the website might install a program that notices when you are using your credit card online and sends the captured details to the hacker.
Solution: automatically block spammy comments using an appropriate plug-in like Akismet.
The above are all realistic threats that many people and businesses suffer from everyday. People like you lose real money and precious data because of such vulnerabilities.
How should my attitude towards website security be?
Security is not a set-it and forget it issue. It has to be thought about regularly because of updates and new threats.
Having said that, a best practice is to undergo a WordPress Website Hardening process. This makes a world of difference because it configures your WordPress website in such a way that breaking into it becomes harder.
For example, a hardening would take care of all the three security dangers listed above.
There are many online threats that you have to protect yourself from and this is why it is best practice to get a professional to handle the technical details.
If you wish to set your mind at rest with regards to the security of your website, then you can start with a free security scan of your website, or better still you can contact us immediately to undergo a WordPress Website Hardening.