In 2013, 73 percent of popular sites that used WordPress were vulnerable to attack. Cyber-attacks seem to always make headlines. Data breaches are becoming more and more common. This article will help explore multiple options on how WordPress site owners can secure their websites.
1. Keep WordPress Up to Date
It can't be stressed enough how important updating is, despite it seeming like such a simple concept. In most cases, a new WordPress versions patch a security vulnerability found in the previous version. When you log into the WordPress admin dashboard, be sure to check the top of the dashboard to see if there is an update available.
2. Keep Plugins and Themes Up to Date
Did you know that in the list of the 10 most vulnerable plugins, five were plugins which were required to purchase- and were used by giant websites? Keeping plug-ins and themes up to date can be argued as more important than updating WordPress itself. Finding a vulnerability in a Content Management System as giant as WordPress is obviously a lot harder than discovering and exploiting a vulnerability in a plugin or theme coded by some programmer in his mom’s basement. You can determine if plugins need to be updated by viewing the plugins tab under the dashboard.
3. Do Not Download ‘Nulled’ or ‘Leaked’ Plug-ins and Themes
This goes without saying. There are a lot of ‘free’ plugins and themes on the internet. As a small business/individual, buying plugins and themes can be expensive. Thus, the word 'free' is extremely appealing. Most of the plugins and themes on the internet contain malicious code which can lead to attackers taking control of your installation or injecting advertisements/re-directs. Sketchy sites that promote free premium plugins should NOT be trusted. Only download plugins from the WordPress store.
4. Don’t use ‘Admin’ as the Username
If you’ve already installed WordPress using the username ‘Admin’ you can change it by inputting an SQL Query in PHPMyAdmin by following this set of instructions outlined by wpbeginner. Using admin as the username can lead to attackers ‘brute forcing’ the password which involves using a dictionary-based list that tries various password combinations with the usernames. This is an ineffective way of breaking into a WordPress installation, however, it is still entirely possible depending on the strength of your password.
5. Limit user access
The most effective way to break into anything is through human error. It’s an effective way to break into Webservers. When targeting a WordPress installation, an attacker can apply techniques which target specific individuals. By using such techniques, attackers can take over a website. A good way to get around by this is by giving very few users access- if they do not absolutely need it, do NOT give them access. Even if they do, give them the bare minimum access.
Please bear in mind, this is just the tip of the iceberg. There are tons of more security tips. However, these will significantly help in securing your WordPress installation.
Written by Maverick Baker