Thousands of WordPress sites get hacked every day. Hackers try to break into WordPress sites using different methods and exploits. WordPress takes security very seriously, but like all software it is not perfect. New bugs and exploits are discovered from time to time, and hackers use them to compromise WordPress websites. Apart from that, no matter how security-hardened a piece of software is, if the user does not take basic security measures, the chances of compromise increase.
WordPress Security Issues
WordPress gets hacked for a number of reasons, some of which are listed briefly below. We will discuss these in detail in our follow-up article on WordPress security issues.
- An unprofessional hosting provider will not know how to secure a web server. If the web server on which a WordPress site is hosted has security issues, the WordPress installation inherits them.
- The WordPress software and its plugins are the responsibility of the website owner. Most of the time, websites get hacked because of an outdated or compromised WordPress version or plugins.
- WordPress themes can also be prone to hacking because of poor coding in the theme.
- The user's computer also needs to be virus free. Most of the time, passwords are compromised because the user's computer has been hacked, exposing the WordPress passwords as well.
- On shared hosting, if one website is compromised, the others are also exposed to hackers. It is therefore imperative that web hosting security is up to the mark.
- Poor selection of passwords is the number one reason for brute-force attacks on WordPress. Thousands of websites are hacked using this method, and it is a favorite of hackers.
How to Secure WordPress
The WordPress security issues above lead directly to how to secure WordPress:
- Always select high-quality web hosting. Cheap hosts do not have the infrastructure or resources to secure web servers. Cheap web hosting is cheap only in name. It might end up costing you dearly.
- Always keep your WordPress version and plugins updated to the latest version. Never delay updates, especially if these also include security fixes.
- Do not use shady WordPress themes that have not been downloaded from the original creator's website. Most such downloaded themes have a backdoor in them.
- Always keep the antivirus on your own computer updated, and do not install software from unknown sources.
- Stay away from web hosts that host shady websites on their servers.
- Do not use usernames like admin. Passwords should not be easily guessable either. They should be complex and not related to you.
- The file permissions should be set to 755 on directories and 644 on files. This is generally taken care of by the web server, and in most cases you do not need to do anything about it. But make sure that it is set this way.
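
The permission check from the last item above, written as a script. This is an added example, not part of the original article; the function names, report labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755 (directories) and
# 644 (files) modes given above. Function names and report labels are
# choices made for this example.

# Print one line per entry that deviates, as "<LABEL> <path>".
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # World-writable entries first: other local accounts that can reach the
    # path (for instance on shared hosting) may be able to modify them.
    find "$root" \( -type d -o -type f \) -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
    # Remaining deviations from the expected modes.
    find "$root" -type d ! -perm 755 ! -perm -002 -print | sed 's/^/DIR-NOT-755 /'
    find "$root" -type f ! -perm 644 ! -perm -002 -print | sed 's/^/FILE-NOT-644 /'
}

# Reset every deviating entry to 755 / 644. Symlinks are not followed.
fix_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}

# Build a small constructed tree (not a real site) with three deliberate
# deviations, and print its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"; : > "$t/wp-config.php"; : > "$t/wp-content/plugin.php"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"      # world-writable directory
    chmod 666 "$t/wp-config.php"           # world-writable file
    chmod 755 "$t/wp-content/plugin.php"   # executable file, not 644
    echo "$t"
}

# Audit the path given as argument, or the constructed sample tree if none.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
else
    sample=$(build_sample_tree)
    audit_wp_perms "$sample"
    rm -rf "$sample"
fi
```

Run the audit first and review what it reports before calling `fix_wp_perms`, since the fix resets every file and directory under the given path.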