WordPress Security: How to Stop Hacking and How to Recover from Hacks
Jul 2, 2014
You need WordPress Security Best Practices
WordPress is the most popular website Content Management System (CMS). About 47% of websites currently run WordPress. The next-most-popular CMS is Drupal at 13%.
It’s lucrative to support WordPress.
The huge number of website owners buying in on WordPress is part of what makes the platform so delightful. Freelancers and firms can make a stable income by creating new, in-demand extensions or by improving existing WordPress features.
It’s lucrative to hack WordPress.
Why? It’s smart to hack a popular CMS. A vulnerability in one WordPress website is likely to exist in others, so the same hack can be used many times. With so many WordPress websites out there, the hacker has many more chances to reuse their hack than they would if they hacked a different platform.
WordPress security best practices can make your website a hard target so hackers will move on, looking for easier websites.
How concerned do you really need to be?
I’ll let you decide:
- 70% of WordPress installations are running versions of WordPress that are vulnerable to attacks
- 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks – which amounts to 8 million plugin downloads
- 7 out of top 10 most popular e-commerce plugins are vulnerable to common Web attacks – which amounts to 1.7 million plugin downloads
- A majority of WordPress website owners do not keep their themes, plugins, or WordPress installation up-to-date, resulting in heightened security risks
- Even deactivated plugins can be used to infiltrate your site
- A hacked website may not exhibit any symptoms – it may simply infect its visitors with harmful viruses that steal private data
As WordPress continues to be a best-fit CMS solution for website owners all over the world and increases its market share, the incentive to hack WordPress will only increase.
What are these hacks? What are the hackers trying to get?
Hackers may place links on your website to draw your visitors to a different place. They may attempt to capture your personal data and files, or personal data from your website’s visitors. Or, they might just be having fun, impressing their friends, or be motivated to eliminate your web presence (adapted from Mike Wallagher).
What can you do?
WordPress security best practices include several simple, big-win moves you can make:
Protect
If you want your site to be secure, you have to use WordPress the right way and keep it, its themes, and plugins up-to-date. This alone will protect you from a lot of attacks.
Also, use complex passwords and two-stage verification for yourself and all other users with high permissions.
Finally, employ a security extension that will help you close open doors, or known weaknesses, in the WP framework.
Detect
Not all (or even most!) hacks are evident. Employ security extensions that can monitor suspicious file creation or modification and other undesirable events on your website.
Restore
Back up regularly and store old versions
There’s always a risk – having backup versions of your website is the best way to ensure that you can quickly and affordably rid yourself of a hack. A good tech can recover your latest content from your corrupt website, restore an older version of your website (before the hack occurred), and import the recovered content.