WordPress has become a common target for malicious attacks. This year alone, over 170,000 sites and blogs running WordPress have been hijacked, and in 2014 this figure will likely grow. Why is this happening if WordPress is considered a very safe platform? Let’s look at the statistics and determine whether your WP installation will be the next target for hackers.
Learn from others’ mistakes!
41% of sites were hacked through the fault of hosting providers. This means that the attacker exploited a vulnerability or security hole at the hosting provider to hack WordPress blogs located on the vulnerable host.
29% of sites were hacked because of a vulnerability in a WordPress theme. In other words, the attacker identified a weakness in a theme installed on WP and used it to get access to the website.
22% of sites were hacked because of a vulnerability in plug-ins installed on WordPress.
8% of sites were hijacked because of a weak password to the panel.
What happens during a hacker attack?
If an attacker gains access to your WordPress blog or website, he will likely use the following techniques to hide his tracks on the site and stay there a little longer:
– Creating a new account with administrator privileges;
– Resetting passwords for multiple accounts to prevent other users from logging in to your own WP site;
– Changing the role of the existing inactive account;
– Injecting malicious code into the content;
– Modifying WordPress files to regain access to the system via malicious code (such as a backdoor);
– Creating redirects in .htaccess files.
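Two of the traces listed above (an unexpected administrator account and a redirect in .htaccess) can be checked for with a short script. The following is an added example, not code from the original article; it assumes the standard wp_usermeta layout where roles are stored as a PHP-serialized value under the "<prefix>capabilities" key, and the account names, hostnames and baseline of known administrators are constructed sample data.

```python
import re
from urllib.parse import urlparse

# Constructed sample data (not from a real site).
SAMPLE_USERMETA = [  # (user_login, meta_key, meta_value) as stored in wp_usermeta
    ("alice", "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ("bob", "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    ("wp_support", "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\\.php$ - [L]
RewriteRule .* http://unknown-host.example/in.php [R=302,L]
Redirect 301 /old-page https://blog.example.com/new-page
# END WordPress
"""

ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')          # role names set to true
URL_RE = re.compile(r'https?://[^\s\]"]+', re.I)
DIRECTIVE_RE = re.compile(r'^\s*(RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b', re.I)

def unexpected_admins(usermeta_rows, known_admins):
    """Return logins holding the administrator role that are not in the baseline."""
    found = []
    for login, key, value in usermeta_rows:
        if not key.endswith("capabilities"):   # the key carries the table prefix
            continue
        if "administrator" in ROLE_RE.findall(value) and login not in known_admins:
            found.append(login)
    return found

def external_redirects(htaccess_text, own_hosts):
    """Return (line_no, host, line) for redirect directives that leave the site."""
    hits = []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        if not DIRECTIVE_RE.match(line):       # skip comments and other directives
            continue
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if host and host not in own_hosts:
                hits.append((no, host, line.strip()))
    return hits

if __name__ == "__main__":
    print(unexpected_admins(SAMPLE_USERMETA, {"alice"}))
    print(external_redirects(SAMPLE_HTACCESS, {"blog.example.com"}))
```

Run it against an export of wp_usermeta and a copy of the site's .htaccess, with the baseline set to the administrator logins you created yourself.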
How to protect WordPress from hacker attacks?
As you can see, hacking a WordPress site is very simple, but there is also good news: you can protect yourself from hacking. Looking back and examining the facts, you can understand what to do to raise your site’s level of protection from hackers:
– Before you select or change providers, it makes sense to gather some information about the web hosting provider: browse forums, blogs and articles.
– Before installing a theme or plugin, study it and make sure it is a regularly updated official product.
– Delete or rename the default administrator account.
– Use a strong password. By a strong password, I mean a password that contains at least 8 characters, which do not form any sequence, and is not the nickname of your dog. The password should also contain lowercase and uppercase letters, numbers, and special characters such as !, &, ?
– Keep your themes, plugins and other software up to date and always apply fresh patches from the software’s suppliers.
If you use the above tips, the security of your WordPress will increase considerably, and it will be protected from the most widely used and known attacks.
Don’t stop! Keep up your WordPress theme security level!
You cannot take one-time measures to improve WordPress safety and stop there, because a site’s security has to be dealt with constantly. The measures that I have mentioned here are suggested, but you must also apply them regularly. The measures will improve with each incoming attack; however, do not immediately relax your security level. To do that, visit the dashboard and click on the “Admin” link, then click on “Change”.
Dashboard view
Now click on “Change”, file a letter to the web hosting company requesting them to lower their security level, and thank them for listening to your request.
In this manner you will have to face the fact that despite all the security measures installed on your site, it will continue to be attacked by the hackers, and your site will become infected with their malicious code.
Delete the existing files related to the old version of WordPress
Download the backed up files of WordPress
Restart WordPress
Disable the old version of the plug-in, if it is still installed
Download the new version of the plug-in and install it
Update WordPress
Open the Reports section of your WordPress dashboard
Click on “General” link from the drop-down menu
Rename the section to “Add this website to the overlooked zone” and select the new option “From (the website address of the page)”.
After this step, click on “Save” to save the settings file into your computer. Close your browser window.