WordPress Website Security
If you are running a WordPress site, you have made a good choice of platform. However, because WordPress is so widely used (over 720 million sites are running it), it is also the content management system, or CMS, that is most commonly compromised. Many hackers scour the web for WordPress websites that are running out-of-date software or plugins that have not been updated to their latest secure versions, which leaves a door open for compromise. One of the easiest ways these hackers find vulnerable sites is to look for notes in the source code that reveal the version of the CMS and/or plugins installed. When a vulnerable CMS or plugin version is left in place, hackers use it to exploit the system and break in.
There are many reasons why hackers look for these vulnerabilities and holes in the system: to compromise and deface a website, or to install malware or links that capture your site's inbound traffic and redirect users to fake or other vulnerable sites. Other reasons include breaking into the server that hosts your site by first getting control of your hosting account and then working up the network chain from there. Once a hacker has broken into your site, they are able to send email from your site or the server that hosts it. Sending spam from a white-listed server address is another very popular reason hackers attempt to enter your system. Sites that send spam are often labeled as such and can only be used for a short period of time before ISPs block the IP address and label it for spam. This causes hackers to look for additional sites to compromise and send spam from that IP until that too is blacklisted; they then move on to other sites and compromise those.
When you have a WordPress website, it is the responsibility of the site owner to keep that site safe. Your own safety, the safety of every user online, and the safety of the other sites hosted on that network rely on this. There are many things you can do to keep your WordPress website safe, and this is something we, at Internet Marketing Services Inc., automatically do with all WordPress sites hosted on our network. For instance, there are basic functions pre-built into WordPress that are often not used; these functions can be shut off to remove unnecessary possible entry points for hackers. Security plugins can also be installed that continually scan for vulnerabilities and for compromised or altered files.
Additionally, since WordPress is a common CMS, hackers are always trying to brute-force the login by using software to hit the admin login page hundreds of thousands of times, trying alternative username and password combinations as well as common usernames such as ‘admin’ with varying passwords. Many compromises are due to hackers simply figuring out a way to log in and create themselves an administrator account, at which point they can completely take over your site.
Website owners who use WordPress should never use the default login user ‘admin’ or ‘administrator’ and should take every available precaution, including always using highly secure passwords. As an additional deterrent, there are security-related plugins that hide the back-end admin panel in a private location so that brute force attacks cannot even be attempted; this too should be standard practice for those using WordPress. Failing to make an effort to keep your WordPress website safe puts at risk not only other sites on the network but every visitor to your site.
If you have already faced a problem related to security on your WordPress website, please feel free to contact us for more information on ways to keep your WordPress website safe and secure. Our professionals use WordPress daily, and there are plenty of security processes that can be implemented to ensure that, if your site has already been compromised, it doesn’t happen again, or, if it has never happened before, that it stays that way. Over the years we have had to deal with our fair share of compromised WordPress sites, not only for clients but including our own, which has made it necessary for us to learn the ins and outs of WordPress security protocols.
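One way to spot the login brute-forcing described above in a web server access log, given as an added example that is not part of the original article. It assumes the Combined Log Format and the default WordPress behaviour of answering a failed login with 200 and a successful one with a 302 redirect; `find_bruteforce`, `sample_log` and the thresholds are hypothetical names and values chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each flagged IP to its peak POST count to /wp-login.php inside
    one window, and whether a 302 (assumed: successful login on a default
    install) followed the burst."""
    recent = defaultdict(deque)            # ip -> timestamps inside window
    peak = defaultdict(int)
    success = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string so /wp-login.php?action=... still counts.
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:          # expire attempts outside window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        if m["status"] == "302" and peak[ip] >= threshold:
            success.add(ip)                # a guess appears to have worked
    return {ip: {"peak": n, "login_after_burst": ip in success}
            for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    t0 = datetime(2024, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
    def row(ip, secs, method, path, status):
        ts = (t0 + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'
    rows = [row("203.0.113.7", 2 * i, "POST", "/wp-login.php", 200)
            for i in range(8)]             # rapid failed guesses
    rows.append(row("203.0.113.7", 16, "POST", "/wp-login.php", 302))
    rows.append(row("198.51.100.20", 5, "GET", "/wp-login.php", 200))
    rows.append(row("198.51.100.20", 9, "POST", "/wp-login.php", 302))
    return rows
```

An address flagged with `login_after_burst` set deserves immediate review of the administrator accounts, since the article notes that attackers who log in go on to create one for themselves.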