WordPress is the most popular website platform in the world, by far. That popularity also makes it a prime target for hackers everywhere. All things considered, WordPress is actually a very secure platform, which is why we aren’t constantly hearing about this or that breach. But it does require some vigilance.
Here are the four most common WordPress vulnerabilities and what you can do about them.
1. Hacked login credentials
One vulnerability with WordPress is that the login page for most sites, unless customized, can be easily found by appending /wp-admin to the main URL. Once found, hackers are free to brute force their way in.
To protect yourself, you should change the default login page to something unique to your site. This can be done manually, but there are also WordPress plugins (Custom Login, Login Page Customizer) that will do it for you.
Secondly, and this applies to everyone, make sure you use a secure password for your site. That means a password that you don’t use anywhere else and that is longish. Forget the random gibberish: it’s pure length that gives hackers a challenge, so consider using a whole phrase or even a sentence to get your password to 15 or more characters. Or just use a password manager!
2. Outdated WordPress version
Yes, those pesky notifications to update your site to the latest version of WordPress are actually pretty important for security. This is because updates, in addition to improving WordPress, are meant to address the latest security threats. If you leave your website on an earlier version of WordPress, hackers can utilize well-known vulnerabilities to get into your site.
The fix here is simple: pay attention to the notifications and update your WordPress version within a week of release (but sooner would be even better). Unfortunately, there are no services that will update WordPress for you, due to the potential for breaking your site.
3. Poor management of user privileges
Different accounts on your site have different potential for damage. For example, admin accounts can break the site, while accounts that can only create content but not make any other changes are much more restricted.
To keep your website more secure, think about everyone who uses your site and give them the minimum level of privileges that still enables them to do their work. That way, you’re minimizing the damage if someone else’s account were to get hacked.
4. Outdated plugins
WordPress users love their plugins. These can be great for making changes to a site without actually needing to code anything. But just like WordPress itself, plugins have periodic updates, and without these, they can become a serious vulnerability.
So, extend your WordPress update check to your plugins and update them all at the same time. No one likes taking the time to install updates, but make it a point to do them weekly and get an extra cup of coffee while you wait. Your website will be much more secure for it.
We hope these tips help you keep your WordPress site more secure. If you have any questions about security, reach out to our team!