WordPress Security: How to Avoid Getting Hacked

Andrea Ferguson

Andrea Ferguson

President at AndiSites Inc.
Andi is founder and President of AndiSites Inc. She writes about website design and development, best practices, and random stuff her busy brain thinks would be useful.
Andrea Ferguson

According to Sucuri’s Website Hacked Trend Report 2016 – Q1, the “explosion and dominance” of Content Management Systems–especially WordPress–has led to “a large influx of unskilled webmasters and service providers responsible for the deployment and administrations of these sites.” As such, DIY or low-cost WordPress websites are built using unsafe plugins and vulnerable themes, and are not properly maintained (e.g., updating the core and plugins to implement security patches as they’re released).

WordPress is the leading open-source CMS platforms on the market, leading in adoption by businesses of all sizes and everyday website owners. In all instances, regardless of platform, the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components, not its core. Extensible components directly relate to the integration of plugins, extensions, components, modules, templates, themes and other similar integrations. — Sucuri

So the problem isn’t WordPress itself, it’s how it’s put together and maintained. Expert WordPress developers like AndiSites use only known-safe, updateable themes and plugins. We encourage ongoing support and maintenance to ensure that sites are kept safe and running well. According to WPBeginner, 83% of WordPress websites that get hacked are running an old version of the WordPress core.

Blogger Matt Banner has put together a thorough explanation of how to keep your WordPress website from being hacked, from the beginner to the professional level. He’s also created a great infographic (see below) to summarize the highlights, including tips to prevent WordPress vulnerabilities:

  • Update WordPress to the latest version
  • Backup regularly
  • Don’t use “admin” as your username
  • Don’t have a “Login” link on your site that goes to the back-end (use /wp-admin only)
  • Use a reliable hosting company (we highly recommend SiteGround)
  • Use trustworthy plugins and keep them updated
  • Use a security plugin (you can also use a service like Sucuri.net)
  • Make sure your passwords are strong (we like Strong Password Generator)
  • Use a CDN firewall (reputable hosting providers provide CloudFlare at no or low cost)

 

Wordpress Security
Credit: On Blast Blog

Keep your site safe, and if you need help or advice, contact us. We’d love to help!