Digital Insights

How to Protect Your WordPress Website


Published: December 16, 2014

WordPress is the most popular open-source content management system in use today, powering more than 47 million websites worldwide. Users are attracted to its ease of installation, full customization capabilities, clean user interface, availability of thousands of interchangeable themes and plug-ins, and the helpful global support community of WordPress developers and programmers.

Unfortunately, WordPress is also attractive to professional hackers and malicious pranksters who find unprotected WordPress sites an easy target for their digital brand of mischief. An out-of-the-box WordPress installation has a number of security vulnerabilities that can easily be fixed by implementing a few basic site hardening techniques.

Why are WordPress Sites so Vulnerable to Attack?
The fact that WordPress is an open source platform gives anyone with a basic programming skillset open and easy access to the site structure. The extensive documentation available for WordPress provides hackers with all the information needed to identify platform vulnerabilities that are ripe for exploitation. The open source platform allows hackers to write malicious code and create plug-ins free of any official regulation and oversight beyond that provided by the global support community.

Open source also means that every time a new update or security patch is released, a change log is published for everyone to see, including hackers. While details of the new code changes are not made available, a determined hacker can target vulnerabilities in older versions by simply identifying what problems the new update or patch was created to fix.

How to Tell if Your Website Has Been Hacked
The following are some of the more common tell-tale signs that your website has been hacked:

  • If your site suddenly disappears, your site may have been hacked. Just be sure to verify that your domain name or hosting account hasn’t expired before you hit the panic button.
  • Your site suddenly starts to load extremely slowly or crashes for no apparent reason.
  • If another website is displayed when you enter your URL, your site may have been hijacked. Look for new code in your files similar to this:
  • New text added to your site or new links for unrelated products or in a foreign language may indicate an attack.
  • The public and admin sections of your site suddenly look the same.
  • Unexplained fragments of code suddenly appear at the top or bottom of your web page.
  • Your sent emails are suddenly being marked as spam.
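
Several of these signs can be checked automatically against the HTML your site actually serves. The following is an added example, not code from the original article: it flags content outside the document, a meta-refresh pointing at another site, and links to hosts you did not list. The function names, the allow-list parameter and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Targets(HTMLParser):
    """Collects <a href> and <meta http-equiv=refresh> targets."""
    def __init__(self):
        super().__init__()
        self.found = []  # (kind, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.found.append(("link", a["href"]))
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content") or "", re.I)
            if m:
                self.found.append(("meta refresh", m.group(1).strip()))

def _off_site(url, allowed_hosts):
    host = (urlparse(url).hostname or "").lower()  # relative URLs have no host
    return bool(host) and not any(host == h or host.endswith("." + h) for h in allowed_hosts)

def audit_page(html, allowed_hosts):
    """Return findings for one rendered page; allowed_hosts are hosts you link to on purpose."""
    findings = []
    start = re.search(r"<!doctype|<html", html, re.I)
    end = re.search(r"</html\s*>", html, re.I)
    # Fragments at the top or bottom of the page sit outside the document itself.
    if start and html[:start.start()].strip():
        findings.append("content before start of document")
    if end and html[end.end():].strip():
        findings.append("content after </html>")
    parser = _Targets()
    parser.feed(html)
    findings += [f"{kind} to unlisted host: {url}"
                 for kind, url in parser.found if _off_site(url, allowed_hosts)]
    return findings

# Constructed sample page (not taken from a real incident).
SAMPLE = """<script>var x=1;</script>
<!DOCTYPE html>
<html><head><meta http-equiv="refresh" content="0; url=http://other.example.net/"></head>
<body><a href="/about/">About</a> <a href="https://www.example.com/blog/">Blog</a>
<a href="http://pills.example.org/buy">cheap offers</a></body></html>
<div style="display:none"><a href="http://pills.example.org/x">x</a></div>"""
```

Run audit_page on a saved copy of each public page with your own domain and intended partner domains in allowed_hosts; any finding is a prompt to inspect the theme and plug-in files that produced the page.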

Safeguard Your Site with a Strong Password
An estimated 8 percent of all successful attacks on WordPress sites are attributed to weak passwords. Choose a password with a combination of at least 8 letters and non-sequential numbers. Don’t use the same password for other online accounts and never store your passwords in an online file.

Routinely Change Your Admin Log-in Names and Passwords
Change your log-in credentials at least twice a year, or whenever an employee with access to your accounts leaves your company. An easy way to do this is to create a new admin account, then delete the old one.

Always Run the Latest Version of WordPress
Hackers frequently target websites running older versions of WordPress because they contain vulnerabilities that have been fixed in newer versions. Be sure that your website is always running the most recent version of WordPress for maximum protection.

Add a Good WordPress Security Plug-in
Security plug-ins add an additional layer of security to your WordPress website; some of the most popular choices include All in One WP Security & Firewall, BulletProof Security, iThemes Security, and Secure.

