Website security issues with WordPress have become a known problem, as a vast majority of WordPress sites and blogs are extremely vulnerable to various forms of cyber-attacks. This fact is especially troubling since over 172 million websites worldwide are now powered by the WordPress content management system. Some IT security experts report that over 70% of sites hosted on this platform have some vulnerabilities, increasing the chances of information theft or the planting of malware on the given site. A few of the most common security problems include SQL injection, easy access to sensitive backend files and administrator accounts that can be hacked too easily.
What is SQL Injection?
WordPress uses Structured Query Language (SQL) databases to execute a number of tasks on the server side. When a SQL security breach happens, hackers inject commands into the database that trigger specific database actions. This kind of action can reveal sensitive personal data or allow hackers to deface or modify a website’s content. Some similar types of hacks can trigger commands in PHP that inject malware into site visitors’ computers the next time they click on a link to the infected website. To prevent this security breach, site developers need to access the site’s .htaccess file and modify the rules that allow many cyber attacks of this kind.
Access to Sensitive Files
The WordPress files that need to be kept private include the install scripts, the “readme” file and various configuration files. Commands to secure these files are added in the same .htaccess file that developers use to block SQL injection attacks. Added commands need to block access to both the website server and to the WordPress installation itself.
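The fragment below is an added example, not part of the original article. It shows one way to deny web access to the files named above from the .htaccess file in the WordPress root directory. It assumes Apache 2.4 syntax and a server that allows access-control overrides in .htaccess; the file names are the ones a standard WordPress install ships with.

```apache
# Added example: assumes Apache 2.4 and that .htaccess overrides are enabled.
# Place in the .htaccess file in the WordPress root directory.

# Configuration file holding the database credentials and secret keys
<Files "wp-config.php">
    Require all denied
</Files>

# "readme" and licence files shipped with every WordPress install
<FilesMatch "^(readme\.html|license\.txt)$">
    Require all denied
</FilesMatch>

# Install script (wp-admin/install.php); only needed during initial setup.
# A <Files> rule in the root .htaccess also applies in subdirectories.
<Files "install.php">
    Require all denied
</Files>

# Apache's own per-directory configuration and password files
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

After saving the file, requesting one of these files in a browser (for example /readme.html) should return a 403 Forbidden response while the rest of the site loads normally.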
Vulnerable Admin Accounts
Current WordPress installations include a default admin account with the user name “admin.” Hackers often access this account by guessing passwords. The process for eliminating this vulnerability is easy; site owners simply need to create a new account with a new user name and administrative privileges. They can then delete the default admin account, significantly reducing the chances of hackers guessing both the new username and password.
Botnet Attacks
Cybercriminals and hackers use Trojan viruses to breach the security of several users’ computers all at once. They take control of each of those computers and organize all of the infected machines into a network of ‘bots’ that the criminal can manage with remote access. This affects a website in the following way: if your computer is infected and you are connected to your website admin or to the server space (FTP), your website becomes highly vulnerable.
Other things that you can be doing that would cause vulnerabilities include:
- Not Using Firewalls
- Staying on Shared Hosting
- Leaving your username as admin
- Not changing your passwords often enough
- Downloading or buying bad plugins or too many plugins
These security holes are among the most common ones leading to WordPress site breaches. Applying trusted security measures and being aware of continuing threats will strengthen a WordPress blog or website against the often-serious losses from this kind of data breach.
It’s important to use secure practices for your website and to have a solid backup system in place and a plan of action should an attack occur. For more information, contact us today. Your Page Today can help get your website on track to being secure and stable!