WordPress Security Issues are a common problem that many business owners are not aware of; the common misconception is that once a website is built, it is impervious to attack. Especially with database-driven websites like WordPress, this is simply not the case.
Another popular misconception is that WordPress websites are not secure and by their nature are high risk for business owners. This is a very misguided perception that usually is spoken by individuals who suffered an attack, due to the fact that they did not follow simple recommended security guidelines for their website.
WordPress is perhaps the most popular platform for web development, and for good reason; it is extremely flexible in design, can be customized for a high degree of functionality, easy for the business owner to administer and add content, able to be highly optimized which makes it a clear favorite for search engine rankings.
Because WordPress is so popular, it is a bit like Windows… hackers get the ‘most bang fo their buck’ by writing infectious code that targets the millions of WordPress websites. For that reason, a WordPress site that is not protected is nearly certain to be hacked at some point. It’s not a matter of “if” but “when.”
Malicious hacking of WordPress websites is on the rise. A recent survey found that 90% percent of businesses suffer some level of attack every 12 months. These attacks vary from infecting websites with malware to complete corruption.
What do you think would happen to your business if your website was hacked?
ABC news ran a story and said that in one year alone $1 trillion dollars worth of intellectual property was stolen due to malicious attacks. Small businesses are the primary target.
Here are the key tests a business must do to establish their WordPress security.
WordPress Version Test:
Keeping the WordPress core up to date is one of the most important aspects of keeping your site secure. If vulnerabilities are discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attacks
WordPress Config File Test:
Keeping the website wp-config file hidden from outside of your network makes it harder for hackers to compromise your database.
WordPress Username Test:
Its important to change the wordpress username from its default setting of Admin. Leaving it as Admin means that potential hackers have only to guess the password.
WordPress Install File Test:
There have been several cases where attackers have used the install file to create access to the database. Its important to remove or move this file.
WordPress Upgrade Script Test:
There have been several cases where attackers have used the Upgrade file to create access to the database. Its important to remove or move this file.
WordPress Readme File Test:
The readme.html file reveals to a potential attacker the exact version name of wordpress you are using. This means it would be easy for them to identify weaknesses in your version and use them to compromise your website.
Uploads Directory Test:
The Uploads folder contains images and files that are maintained using the media section within wordpress. Leaving this open to the outside means that attackers could steal access to hidden files. This would also be a copyright risk.
Google maintains a directory of sites that may have been hacked or compromised and are hosting malware or dangerous code used in phishing attacks. Its important to ensure that your site is listed as safe, or it may be removed from Google’s search engine.
Of course, analyzing your present security holes is halfway toward actually modifying your site to solve the various problems.
TruBlu Web Consulting values the security of your business. It’s important if you have a WordPress website that you solve these critical problems today; the vast majority of WordPress sites we analyze are not protected and are at risk of catastrophic loss. Avoid this costly data recovery and loss of business.
For more information on how TruBlu can help your WordPress security needs, watch this short video detailing how you can fix two of the most common security threats yourself for free –
If you want us to analyze your website for wordpress security issues, please complete the form below: