WordPress is the most popular content management system in the world. Don’t believe it? WordPress is powering 38.6% of all websites, worldwide according to W3Techs. That is over one-third of the web.
Popularity does have some unfortunate side effects. WordPress is often targeted by malicious hackers. Thousands of WordPress sites get hacked every year. While it may sound like the Security Team is dropping the ball, they aren’t.
A Once of Prevention
Hackers aren’t getting into WordPress site because of vulnerabilities in the latest core software. Most sites that get hacked are due to entirely preventable issues.
Out-of-Date Core Software
A report from Sucuri shows that in 2019 56% of all hacked sites were out of date. Notably, (at the time of this article) only 35.3% of all WordPress sites are running the current version.
The WP Security Team does an excellent job quickly fixing security issues in the core version. However, updates work only when they are installed.
Out-of-Date Plugins
There is no shortage of addons in WordPress. While this is one of the great things about it, each one is a potential gateway for hackers to exploit.
- Keep them up-to-date
- If a developer stops maintaining the plugin – stop using it.
- Additionally, try to use them sparingly.
Lastly, Your WordPress Password
This part is 100% the sole responsibility of the user. Password theft is surprisingly easier than you might think. If your site does not have an SSL (https) certificate installed (HTTP) your credentials are sent in cleartext. Therefore, there is a risk they will be stolen. You are essentially opening the door to the criminal and inviting him in. To protect your credentials:
- Enable Two-factor Authentication
- Enforce strong passwords
- Install an SSL certificate (this encrypts data sent)
- Setup a firewall and security