WordPress is the most the most widely hacked website platform around, and by some distance – data from web security specialists, Sucuri, reveals the platform was at the centre of over three-quarters (78.0%) of all cyber-attacks carried out in the first three months of 2016.
This shouldn’t really come a much of a surprise though, as WordPress is also the web’s most popular content management system (CMS), again, by some distance – the latest W3Techs figures reveal it now powers over a quarter (27.5%) of all websites.
This suggests the security issues may have more to do with the sheer volume of WordPress sites out there, rather than any inherent problems with WordPress itself. As Sucuri is keen to point out, in most cases the hacks had less to do with the core of the CMS application itself (if anything at all), and more to do with improper deployment, configuration, and overall maintenance by site owners and hosts.
In short, it’s a combination of web developers, website owners, and web hosting cutting corners that is the real problem.
Soif you’re a webmaster, concerned for the security of your WordPress website, here are four simple ways to fortify it against hackers…
- Use a secure username and password
You may not realise it, but most website hacks are automated, and that means every website is prone to attack, regardless of size or stature. Hackers will first try to force their way in via your website’s login, and effectively walk in through the front door – so it’s vital this first step as secure as possible.
WordPress websites use ‘admin’ as the default username, so the first thing to do is change this to something that’s unique to you – if you don’t, the hackers are already halfway into your site without breaking sweat.
Then set a secure, alphanumeric password that includes a mix of special characters and capitals. It may even be worth using a password manager that will regularly generate a completely random password and remember it for you – the longer and more complex the password, the better.
Also limit the number of login attempts allowed before being locked out of the account, as automated attacks will keep trying until they crack it.
- Use a custom-built theme
The quality and sheer volume of themes, plugins, and widgets available on WordPress means it’s tempting to just grab the ones you need and go. And while there’s nothing inherently wrong in doing this, you need to remember WordPress is an open source application and security level vary across all off-the-shelf add-ons – and if hackers find flaws in a theme you’ve installed, they’ll find a way into your website.
So find a WordPress agency that can develop a custom-built theme for your website – this will not only set it apart from the thousands of other WordPress sites out there, the extra layer of security offered by a bespoke theme will also make it infinitely more secure.
- Use a secure server
Unless you run a really big business, you’ll most likely have to host your site on a shared server, but make sure you do your research before you sign up to any hosting package, paying particular attention to maintenance schedules and security.
If a hosting company doesn’t regularly maintain its servers, the subsequent build up of unused files, data, and websites can be leveraged by hackers to gain access to that server and any compromise any websites hosted on it, meaning your site could be hacked through no fault of your own, regardless of the security measures you’ve put in place.
- Use WordPress updates as soon as they’re released
Earlier this year, more than 1.5 million WordPress web pages were defaced across tens of thousands of sites, following a flawdiscovered in an add-on that was introduced in versions released at the end of 2016.
WordPress released a statement to outline how it delayed going public about the flaw to prompt hosting firms to update their software to a fixed version. It eventually released a patched version on January 26.
This highlights the importance of running every WordPress update as soon as it’s released – if you hang around between updates, hackers will quickly exploit any existing security issues to gain access to your website before you’ve patched them.
The importance of being vigilant
These are just a few of the steps you need to take to maintain the security of your WordPress site, and need to be supplemented with additional measure, such as making sure your workstation is always secure, and carrying out regular back-ups.
Hackers are getting more and more sophisticated and will target any website to gain access to whatever data they can get their hands on – don’t let yours be one of them, make sure security is a priority.