WordPress core, theme and plugin security, username and password best practices, backups and firewalls are among the easiest and quickest ways to improve the security of your WordPress website and reduce your chance of being hacked. You can strengthen it further by adding extra layers of security, including:
- Securing the .htaccess file to allow or disable options
- Limiting file permissions of files and folders on your server
- Blocking the ability for code to be executed in places code should not be executed (e.g. your uploads folder)
- Disabling file editing
- Using HTTPS to encrypt all communications between browser and server.
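The first four layers in that list can be applied from the server's shell. The script below is an added example written for this page, not code from the original article or from the WordPress project. It assumes a standard WordPress install on Apache 2.4 rooted at the directory passed as its argument, and that the host allows `.htaccess` files to override access control; the permission values and the `DISALLOW_FILE_EDIT` constant are the ones WordPress documents. HTTPS is left out because it is configured at the web server and certificate layer, not inside the WordPress tree.

```shell
#!/bin/sh
# Added example (not from the original article): apply hardening layers
# to a WordPress install rooted at $1.
#   1. disable the in-dashboard theme/plugin editor (DISALLOW_FILE_EDIT)
#   2. block PHP execution inside wp-content/uploads via an .htaccess rule
#   3. set conventional permissions: 755 dirs, 644 files, 600 wp-config.php
# Assumption: Apache 2.4 with AllowOverride enabled for the uploads path.
harden_wp() {
    root="$1"
    uploads="$root/wp-content/uploads"
    config="$root/wp-config.php"

    # 1. Insert the define() right after the opening <?php tag so it is
    #    set before wp-settings.php is loaded. Skip if already present.
    if [ -f "$config" ] && ! grep -q "DISALLOW_FILE_EDIT" "$config"; then
        awk 'NR == 1 && index($0, "<?php") == 1 {
                 print; print "define(\047DISALLOW_FILE_EDIT\047, true);"; next
             }
             { print }' "$config" > "$config.tmp" && mv "$config.tmp" "$config"
        # Fallback for a config that does not start with <?php on line 1.
        grep -q "DISALLOW_FILE_EDIT" "$config" ||
            printf "define('DISALLOW_FILE_EDIT', true);\n" >> "$config"
    fi

    # 2. Deny direct requests for PHP-like files in uploads. Apache 2.4
    #    syntax; Apache 2.2 would use "Deny from all" instead.
    mkdir -p "$uploads"
    cat > "$uploads/.htaccess" <<'EOF'
# Uploaded files must never be executed as code.
<FilesMatch "\.(php|phtml|php[0-9]|phar)$">
    Require all denied
</FilesMatch>
EOF

    # 3. Permissions last, so files rewritten above get the intended mode.
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    [ -f "$config" ] && chmod 600 "$config"   # holds DB credentials
}

# Verification helpers; each prints "yes" or "no" for the install at $1.
uploads_blocked() {
    grep -q 'Require all denied' "$1/wp-content/uploads/.htaccess" && echo yes || echo no
}
editor_disabled() {
    grep -q "DISALLOW_FILE_EDIT" "$1/wp-config.php" && echo yes || echo no
}
config_private() {
    [ -n "$(find "$1/wp-config.php" -perm 600)" ] && echo yes || echo no
}

# Usage: sh harden_wp.sh /var/www/html
if [ "$#" -gt 0 ]; then
    harden_wp "$1"
    echo "uploads blocked: $(uploads_blocked "$1")"
    echo "editor disabled: $(editor_disabled "$1")"
    echo "wp-config private: $(config_private "$1")"
fi
```

On nginx the `.htaccess` file is ignored, so the equivalent is a `location` block that denies `\.php$` under `/wp-content/uploads/`. Permissions of 755/644 assume the web server runs as a different user from the file owner; if your host runs PHP as the owner, tighter values may be appropriate.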
We are often asked why WordPress websites are so prone to attack.
WordPress powers a large share of the web, and as an open source project there are no restrictions on who can use it, modify it or build themes and plugins for it. That openness also attracts attackers who know how to exploit weak or insecure code, and because there are so many WordPress websites on the internet, their chances of finding a vulnerability to exploit are greater than with other technologies.
What about hosting?
Most web hosts have their own security protocols in place, but the majority of shared hosting services do not have adequate software in place to thoroughly scan and protect a WordPress website. There are things you can do, such as editing the file permissions on your server, but if there is a vulnerability in your host's own security there is nothing you can do about it until it is too late.
Brute Force Attacks – What Are They?
A brute force attack is another thing that is largely out of your control as a site owner, but it can be acted upon if you are notified and respond quickly. This type of attack tries to guess your database or administrator password, username or both by trial and error; with enough attempts it will eventually hit the right combination. It is a common cause of WordPress website compromises because it is effective and popular with attackers.
Brute force attacks can last quite some time and often eat through your hosting resources, causing your website to crash. Many usernames and passwords obtained via brute force attacks are then released on hacker forums, meaning it is open season on your website.
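Being notified early is what makes a brute force attack actionable, and the raw material for that notification is already in the web server's access log. The snippet below is an added example for this page, not code from the original article: it counts POSTs to `wp-login.php` per client IP over a combined-format access log and reports any client above a threshold. The log lines are constructed for the example; the IPs are documentation ranges. It relies on WordPress behaviour that a failed login re-renders the form with HTTP 200 while a successful one redirects with 302, so only 200 responses are counted.

```shell
#!/bin/sh
# Added example (not from the original article): flag clients hammering
# wp-login.php in an Apache/nginx combined-format access log.
# SAMPLE_LOG is constructed test data; real use is
#   login_flood 20 < /var/log/apache2/access.log

SAMPLE_LOG='203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:12:00:03 +0000] "GET /about/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 4512 "-" "Mozilla/5.0"'

# Read log lines on stdin; print "ip count" for each client with more
# than $1 failed (HTTP 200) POSTs to wp-login.php. Combined-format fields:
#   $1 client IP, $6 "METHOD (with leading quote), $7 path, $9 status.
login_flood() {
    threshold="$1"
    awk -v t="$threshold" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] > t) print ip, n[ip] }
    '
}

# Stand-alone demo against the constructed log with a threshold of 3.
if [ "$#" -gt 0 ] || [ -t 0 ]; then
    printf '%s\n' "$SAMPLE_LOG" | login_flood 3
fi
```

A threshold of a few dozen per hour is a reasonable starting point for a real site; what matters is that a hit triggers something, whether that is a fail2ban jail, a firewall rule, or simply an alert to the site owner, since the article's point is that the attack only becomes manageable once you know it is happening.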
The quickest way to compromise your website's security is to install poorly coded, maliciously coded or outdated themes or plugins from untrustworthy or pirate websites. Because of the open nature of WordPress, many premium themes and plugins are pirated and distributed for free on pirate or "nulled" download websites. It is common for pirated themes and plugins to have hidden or malicious code added, and that code can give an attacker full control over your website.