Matt Mullenweg’s WordPress content management platform is one of the most influential pieces of software on the Internet, running more than 24% of websites. As the most popular web publishing platform on the internet (by a large margin), WordPress is a popular target for hackers and spammers. WordPress is known for being one of the most user-friendly website platforms available online, but out of the box WordPress is terribly vulnerable to attacks.
According to recent research, more than 70% of WordPress installations are vulnerable to hacker attacks.
Hackers use several methods to gain access to a WordPress website. The most popular methods are:
- About 30% were hacked through a security vulnerability on their hosting platform
- About 50% were hacked via a security issue in the WordPress Theme they were using
- Up to 25% were hacked via a security issue in the WordPress Plugins they were using
- At least 8% were hacked because they had a weak password
But don’t worry; you can protect your website from the bad guys. I encourage you to bookmark this article for future reference, as you will find it useful when you are securing other WordPress websites you develop 🙂
Best Practices for WordPress Website Security
In this section, I would like to walk through techniques that you can apply to your website in order to make it more secure. All you have to do is modify a few key files such as .htaccess and wp-config.php. I will also speak about security best practices and recommend WordPress plugins that will help you make your website more secure.
Remember that prevention is better than the cure. If you follow the advice given in this section, a hacker will find it very difficult to gain access to your website in the first instance.
- Keep WordPress Updated
Every version of WordPress addresses security holes that have been identified in previous versions. Therefore, if you are using an older version of WordPress, your website is more susceptible to attacks. That is why it is important that you always update WordPress to the latest version. The current version, WordPress 4.3, received a security update in September 2015.
- Choose a Good Hosting Provider
With about 30% of hacking attempts being caused by a security vulnerability on a hosting platform, it pays to host your website with a good quality hosting company. Look for a hosting company that places an emphasis on security, especially for WordPress.
- WordPress Security Keys
WordPress Security Keys were first introduced in WordPress versions 2.5, 2.6, and 2.7. The keys improve the encryption of the information that is stored in a visitor’s cookies. They also make your password harder to crack, as they add random elements to it. A salt key phrase is added to make it even more secure. The keys can be changed in wp-config.php.
- WordPress Database Table Names
WordPress applies a default table prefix to all database tables. The default table prefix is wp_, which gives, for example, wp_posts, wp_terms, etc. Changing the table prefix can help prevent SQL injection attacks, as hackers will need to guess the prefix, which, in turn, will stop people from gaining control of your database.
- Strong Login Credentials
Weak passwords allow hackers to gain access to your website easily using an automated brute force script. You should therefore use a strong password and change it frequently. Most importantly, do not use admin as your user name.
- Back up files and database
It is highly recommended that you always back up your website. Even if your website security has been hardened, there is no guarantee that your website will not be compromised by hackers.
By taking the above steps you can make your website secure and make it less likely that a hacker will do something malicious on your website. However, in the event of your website being compromised, stay calm. The best thing to do is reset your password, scan your website for malicious content, and contact your hosting provider or website developer for help on putting everything back to normal.
Shakil Ahmed has over 15 years of IT experience and specializes in WordPress security. If you would like to scan your website for vulnerabilities or secure your WordPress website, then drop a few lines at firstname.lastname@example.org