Are you up-to-date with your WordPress security? Here’s what you need to know:
According to Sucuri’s Website Hacked Trend Report, the “explosion and dominance of Content Management Systems has led to a large influx of unskilled webmasters and service providers responsible for the deployment and administrations of these sites.”
As such, many DIY or low-cost WordPress websites are built using unsafe plugins and vulnerable themes. These sites may not be particularly well maintained – especially when it comes to keeping the WordPress core and plugins up to date.
WordPress is the leading open-source CMS platform on the market, leading in adoption by businesses of all sizes and everyday website owners. In all instances, regardless of platform, the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components, not its core. Extensible components directly relate to the integration of plugins, extensions, components, modules, templates, themes and other similar integrations. — Sucuri
Top Tips for WordPress Security
Expert WordPress developers like AndiSites use only known-safe, updateable themes and plugins. We specifically encourage an ongoing support and WordPress maintenance package to ensure that sites are keeping safe and running well.
However, 83% of hacked WordPress websites are running an old version of the WordPress core, according to WPBeginner.
In addition, blogger Matt Banner provides a thorough explanation of how to keep your WordPress website clear of hackers, from the beginner to the professional level. Here’s a summary:
- Update WordPress to the latest version
- Back up regularly
- Don’t use “admin” as your username
- Don’t have a “Login” link on your site that goes to the back-end (use /wp-admin only)
- Use a reliable hosting company (we highly recommend SiteGround)
- Use trustworthy plugins and keep them updated
- Use a security plugin (a service like Sucuri.net)
- Make sure your passwords are strong (we like Strong Password Generator)
- Use a CDN firewall (reputable hosting providers provide Cloudflare at no or low cost)
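The update and username items in this list can be checked mechanically. The following Python script is an added example, not part of the original post or of Matt Banner’s guide: it reads the JSON output of three WP-CLI commands and reports an outdated core, outdated plugins and an “admin” login. The sample data is constructed, and the function name `audit` is hypothetical.

```python
import json

# Constructed sample output (not from a real site) of three WP-CLI commands:
#   wp core check-update --format=json
#   wp plugin list --fields=name,status,update,version --format=json
#   wp user list --fields=user_login,roles --format=json
SAMPLE_CORE = '[{"version": "6.5.2", "update_type": "minor", "package_url": "https://example.invalid/wordpress.zip"}]'
SAMPLE_PLUGINS = '''[
  {"name": "contact-form", "status": "active", "update": "available", "version": "1.2.0"},
  {"name": "gallery-old", "status": "inactive", "update": "available", "version": "0.9.1"},
  {"name": "seo-tools", "status": "active", "update": "none", "version": "3.4.0"}
]'''
SAMPLE_USERS = '''[
  {"user_login": "admin", "roles": "administrator"},
  {"user_login": "jane.editor", "roles": "editor"}
]'''


def audit(core_json, plugins_json, users_json):
    """Return (check, detail) findings for the core, plugin and username items."""
    findings = []
    # Assumption of this example: empty output means no core update is offered.
    core = json.loads(core_json) if core_json.strip() else []
    if core:
        offered = ", ".join(u["version"] for u in core)
        findings.append(("core-outdated", f"core update available: {offered}"))
    for plugin in json.loads(plugins_json):
        # Inactive plugins are flagged too: their files are still on the server.
        if plugin["update"] == "available":
            detail = f'{plugin["name"]} {plugin["version"]} ({plugin["status"]})'
            findings.append(("plugin-outdated", detail))
    for user in json.loads(users_json):
        if user["user_login"].lower() == "admin":
            detail = f'login "admin" has role {user["roles"]}'
            findings.append(("default-username", detail))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CORE, SAMPLE_PLUGINS, SAMPLE_USERS):
        print(f"[{check}] {detail}")
```

To run it against a live site, replace the three sample strings with the captured output of the commands named in the comment.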
If you’re interested in how to secure WordPress sites, you might also like to read our blog posts Top Five Crucial Steps for WordPress Maintenance, How to Disable xml-rpc to Improve Site Security, and Securing Your WordPress Login Page.