WordPress is a favorite target for hackers all over the world. Why are the pickings so good for the experienced WordPress hacker? Because the sheer number of websites using it provide a large pool of targets. It’s open source code is freely available to everyone including hackers. WordPress’s ease of use means that complete neophytes with no expertise or interest in security can readily set up websites that are easy targets.
Anyone with a WordPress site that’s been online for a few weeks will begin to see multiple unauthorized login attempts on their log files. With WordPress, there is no safety in numbers that some website owners mistakenly take comfort in. That’s because hackers will find their sites with automated software.
Brute force hacking, where bots work tirelessly at guessing passwords for logging into the WordPress admin area, is the most common method. However, it is far from being the only one. There are a large variety of hacking techniques designed to exploit the weaknesses of the WordPress content management system (CMS).
While perfect protection against a determined hacking attack doesn’t exist, the majority of attacks can be thwarted by using as many of the following security measures as possible:
Keep up with Your Updates
Stay current with updates associated with: the core WordPress CMS, plugins, and themes. Some of these updates are new features and software improvements while others are patches to security weaknesses. Sometimes the developers spot the weaknesses, while in other cases the hackers identify and exploit them first.
Use Only Quality Themes and Plugins
Although these are often premium, there are quality free themes and plugins as well. Quality in this case means they have a good track record which you can assess by studying their reviews and number of downloads. The more reviews available, the more accurate your assessment. Never use pirated plugins or themes.
Use Strong Passwords
Because this well-known tip is frequently disregarded, it requires frequent repetition. Strong passwords are lengthy with random characters of the different types found on your keyboard. Strong passwords are also unique. That is, they are not used for access to multiple accounts.
If You’re Not Using It, Discard It
More plugins and themes mean more potential vulnerabilities that hackers can exploit. This includes the plugins and themes that you don’t use. Consolidating the number of plugins you currently use is also recommended. Other things to discard are the usernames and passwords of inactive users of your CMS.
Make Frequent Backups
This allows you to reset your compromised website back to its previous state. Do this after you have identified and corrected the security weakness that caused your site to get hacked.
Use Security Plugins
One commonly used plugin limits login attempts. After a number of failed attempts (that you can set), the attacker’s IP address is blocked.
Other plugins (such as the Google Authenticator) set up a two-step authentication process for logging in. This process requires two different forms of authentication. One of these is your username/password at the WordPress admin login page, while the other is an authorization code sent to your cell phone. The correct authorization code is required before you can even get to your login page to make your username/password entries.
Yet another security plugin type allows you to change the URL of your login page to another of your choosing. This hides the page from bots programmed to go to the standard login URL.
Comprehensive security firewall plugins are also available.
Don’t Skimp on Your Hosting
Another entry point for hackers is the server hosting your site. Like your computer, a server can also be attacked. The best hosting providers have substantial security expertise and employ encryption, firewalls, and other intrusion prevention systems.
Contact us at Applied Innovations to learn about our reliability, security, and hosting packages.