We wrote an earlier post about WordPress security and the basic steps to ensure that your WordPress blog remains safe from hackers. We also listed the five best WordPress security plugins. According to a survey of people whose websites were hacked, more than 61 percent did not know how their website was compromised. That is a big number.
Because WordPress is so simple to install and maintain, most of its users are not technical people. WordPress security company Wordfence has listed the different reasons responsible for the compromise of WordPress sites.
According to WordPress, more than 55 percent of websites are hacked because of plugin vulnerabilities. The second biggest risk is brute-force password guessing, which accounts for around 17 percent of hacked sites. An outdated WordPress core is the third risk. The next two big risks are themes and hosting.
A plain reading shows that WordPress plugin vulnerabilities and brute-force password attacks together account for more than 70 percent of hacked WordPress websites. Keeping this trend in mind, here is what you need to do:
Keep plugins updated
There are more than 40,000 plugins in the WordPress repository. You need to keep your plugins updated to the latest versions. Also keep an eye on plugin news so that you get early alerts about any plugin vulnerability. Do not use plugins that are not actively maintained. Do not install plugins downloaded from shady websites. In particular, avoid all ‘nulled’ plugins.
Avoid brute force attacks
Make sure that you are not using a commonly guessable username and password. Stay away from usernames like ‘Admin’ and ‘Administrator’. Do not use your blog name, company name or your writers’ names as admin usernames either. Also ensure that you are using strong passwords with proper complexity.
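The username rules above can be checked automatically. The following is an added example, not code from the original post: it flags administrator accounts whose login matches a default admin name, the blog name, the company name or a writer's display name. The function names, the sample data and the assumption that the input has the shape of `wp user list --format=json` output are illustrative.

```python
import json
import re

# Usernames the post names explicitly.
DEFAULT_NAMES = {"admin", "administrator"}

def _norm(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def guessable_admins(users_json, blog_name, company_name):
    """Return (login, reason) for each administrator with an easy-to-guess login."""
    users = json.loads(users_json)
    site_names = {_norm(blog_name): "blog name", _norm(company_name): "company name"}
    # Bylines are public, so every display name (and each word of it) is guessable.
    writer_names = set()
    for user in users:
        name = user["display_name"]
        writer_names.update(_norm(part) for part in [name, *name.split()])
    writer_names = {n for n in writer_names if len(n) >= 3}
    findings = []
    for user in users:
        roles = [r.strip() for r in user["roles"].split(",")]
        if "administrator" not in roles:
            continue  # only admin accounts are audited here
        login = _norm(user["user_login"])
        if login in DEFAULT_NAMES:
            reason = "default admin name"
        elif login and login in site_names:
            reason = site_names[login]
        elif login in writer_names:
            reason = "writer's name"
        else:
            continue
        findings.append((user["user_login"], reason))
    return findings

# Constructed sample, shaped like `wp user list --format=json` output (assumption).
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "Admin", "display_name": "Site Owner", "roles": "administrator"},
    {"ID": 2, "user_login": "jane", "display_name": "Jane Doe", "roles": "administrator,editor"},
    {"ID": 3, "user_login": "example-blog", "display_name": "Ops", "roles": "administrator"},
    {"ID": 4, "user_login": "k7-ops-qx", "display_name": "Ops Two", "roles": "administrator"},
    {"ID": 5, "user_login": "administrator", "display_name": "Bob", "roles": "subscriber"},
])

if __name__ == "__main__":
    for login, reason in guessable_admins(SAMPLE_USERS, "Example Blog", "Example Co"):
        print(f"{login}: {reason}")
```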
Apart from the above two main issues, also keep your WordPress core updated to the latest version. The older versions have vulnerabilities.
In certain cases hosting accounts are also compromised. Therefore, use strong passwords for your cPanel hosting account and for other services like FTP etc.
You should also take care of your own workstation environment. Do not use old versions of browsers or operating systems. A simple compromise of your own system will allow the hacker to install a keylogger, and then all your passwords will be revealed.
By taking care of the above, your website will be reasonably secure from hacking. You should pay attention now that you have learned how WordPress sites are hacked.