Securing Your WordPress Website

Hackers and WordPress security

Securing Your WordPress Website

You’ve got a shiny, new WordPress website, and you’re all set without ever needing your web developer again, right? Wrong.

A Little History

WordPress was created in 2003, with the first plugins being developed in 2004. For those who don’t know, WordPress is an open-source content management system that gives even a non-savvy end user control over much of their website’s content and even design. When WordPress was in its infancy, it was virtually ignored by hackers. In the beginning, if someone with a WordPress website went years without updating plugins or their WordPress installation, they would probably be OK. The internet was a different place then, not quite as hostile.

WordPress Popularity

Now that around 37,000,000 people use the WordPress website platform, hosted on their own hosting account, hackers are spending a lot of time finding ways to break in. Some 19% of all self-hosted websites are built with WordPress. Of more than 40,000 sites analyzed in 2014 on Alexa, almost a quarter of them were running older, vulnerable versions of WordPress. There have also been more than 43,000 plugins created for WordPress. Plugins provide additional vulnerabilities and access points for hackers.

Now that around 37,000,000 people use the WordPress website platform, hosted on their own hosting account, hackers are spending a lot of time finding ways to break in.

Elsie Gilmore, Owner – Solid Red Studios

Why me?

You are probably asking yourself, “Self, why would a hacker want to break into my puny, little website?” They certainly are not trying to find your address so they can send you a birthday card. What most of these unsavory characters want is to use your computer as a tool to send spam using your hosting account’s bandwidth. Others want to get your site visitors to click links that either direct them to commercial websites (often porn) or download viruses onto their computers that can harvest credit card numbers and other personal information that is used to defraud the person and their family/friends. Sometimes there are no outward signs that your site has been hacked; the hacker is simply using the files to run malicious scripts in the background.

What can I do?

I’ve always said that, although a pacifist, if I ever met one of these types of hackers, I would probably punch them in the face. Countless hours and piles of money are spent cleaning websites and computers of hackers’ destruction. According to a 2015 report by Hewlett Packard and the U.S.-based Ponemon Institute of Cyber Crime, cyber hacking costs U.S. companies around $15 million dollars annually. Not to mention the general frustration it creates and the downtime a business’s website may face as a result.

I highly recommend a monthly security plan for all WordPress website owners.

Important Elements of a Security Plan

These are some of the basic elements a website security subscription should include:

  • Installation and configuration of plugins that will help lockdown and monitor your site
  • Regular backups that are saved on your hosting and in an offsite location
  • Regular updates of plugins, themes and WordPress installation
  • Security scans to determine if files on your WordPress installation have been changed from the originals
  • Periodic analysis of login protection settings to help eliminate excessive login attempts
  • Examination of the site if it goes down for long periods of time as this could indicate a virus infection

No one can guarantee that your WordPress website will never be hacked, but by monitoring the site, keeping applications updated and having up-to-date backups, you can thwart many hackers and be back up and running quickly if your site is targeted.

I encourage you to check out the WordPress security and maintenance plans offered on my website. I’m also happy to answer any questions you have on this subject.