WordPress now powers 30% of the internet, making it an ideal target for hackers around the world. Fortunately, there are ways to protect your website and minimize, or even prevent, major complications. One of the best things you can do to stay secure is to monitor your website consistently, so you’ll be aware when something isn’t right. Here are some of the more important WordPress vulnerabilities and security risks to watch out for:
Strong Password Protection
Believe it or not, most people still aren’t using complex passwords or taking advantage of two-factor authentication methods to protect themselves from hackers. A common way hackers can get into your WordPress site is by using brute force, meaning they repeatedly try to guess your password. There are strong password creation and storage tools available all over the web, like 1Password or LastPass, so the user doesn’t have to remember symbols and letters each time they log in. With these tools, there’s really no excuse for weak passwords like your company’s name or “Password123.”
Don’t Wait to Update
Many people get into the habit of waiting weeks or months to update their WordPress website—mostly because they just don’t want to spend the time reviewing for changes after an upgrade. Updating your software, plugins, and themes as soon as new versions are released is one of the simplest things you can do to keep your site safe. Running out-of-date versions of software can increase your chances of being compromised. If you don’t want to monitor and manually update, you can set up auto-updates for WordPress core and, if your site is on a managed WordPress hosting platform, your themes and plugins as well.
Plugins Still Require Monitoring
People sometimes rely on plugins to do everything, and they forget about ongoing monitoring and updates. If one of your plugins breaks, your site could be compromised within minutes. The easiest way to prevent this is to put a plan in place for consistent monitoring. Filesystem-based monitoring (through a plugin or on the server level) can help make sure you're aware of any breaches or compromises. And less is more when it comes to plugins: only use the ones that you absolutely need, and be sure to delete any inactive and unused plugins from the site.
Nothing is Hack Proof
Unfortunately, close monitoring doesn’t guarantee you will never get hacked. If you are hacked, immediately speak with your WordPress hosting provider. Waiting days or weeks to alert them can prolong the process of getting your site restored. At Pagely, if our clients get hacked, our team works closely within our security protocol to clean and restore the client’s site to pristine condition, free of charge.
Always remember that no single tool for WordPress can do every job. For those who aren't on a managed host like Pagely, there are several tools and services that can be run to help keep everything updated and scan for malware and vulnerabilities. ManageWP is a service for auto-updating, and Sucuri has site scanning, malware, and DDoS tools for a price.
These are just a few things you can do to keep your site secure, but there’s no magic bullet that achieves 100% security. Remember, you can’t take a set-it-and-forget-it approach to security or site management. Hackers are always finding new ways to get in, so you need to be vigilant and constantly make security a top priority.