Your website is a bit like a home – it’s secure if you take the necessary precautions, but completely vulnerable to burglars if you don’t. However, in the world of websites, we are not talking about burglary but hacking – and there are more and more of them every year. How are WordPress sites hacked? Is it possible to protect your WordPress site? The following WP maintenance tips and recommendations will allow you to improve the security of your website, your data and thus protect your content against malicious attacks.
- Brute Force attacks
- How to secure your WordPress site against attacks by Brute Force?
- Access a site via an unsecured hosting server
- How to protect your hosting?
- Hacking a website via a WordPress plugin
- Keep your WordPress plugins and themes up to date
- I was hacked via the Social Warfare plugin
- Protect your WordPress site by keeping it up to date
- Secure all your sites without exception
- Zero risk does not exist
BRUTE FORCE ATTACKS
It is easy to imagine someone trying to break the front door of a house by force. If the thief persists, logically, he will eventually break down your door.
To force a website, the principle is quite similar: hackers use automated software to try to guess your WordPress username and password until they successfully hack your site. This technique is called a brute force attack. They often use a list of the 500 most common passwords, trying each one on the WordPress login page of your site. It only takes a robot a few minutes to enter a few hundred combinations. You’d be surprised how many people just use “admin” as their username.
Brute force attacks are extremely common on WordPress sites: on average, 26 million attacks take place every day. It is therefore vital to protect your WordPress site against this type of attack.
HOW TO SECURE YOUR WORDPRESS SITE AGAINST ATTACKS BY BRUTE FORCE?
Fortunately, there are several ways to protect your WordPress site against this type of attack. One of the most common defenses is to use a very complex password for your WordPress account. This obviously applies to all user accounts on your WordPress site. To improve the security of your website, review all user accounts at regular intervals. For security reasons, always delete inactive accounts, including those of former employees who no longer work for your company.
We recommend that you use a username composed of alphanumeric characters, combining lower and upper case. For the password, the same principle applies, with the addition of special symbols, for example “!”, “?”, etc.
In addition, one of the best ways to protect your WordPress site is to set up active attack monitoring 24/7. A security plugin can automatically detect and block attempts to hack your website. Against brute force attacks, you can for example limit the number of login attempts.
ACCESS A SITE VIA AN UNSECURED HOSTING SERVER
Your hosting environment plays an important role in the security of your WordPress, and the hosting server can be an access point for hackers.
Let’s take our burglary metaphor a little further: it seems obvious that the environment in which you live influences the security of your home. This is particularly evident in a building with several apartments. If your parking lot does not close completely, or if the building entrance is always kept open, the risk of burglary increases. Your environment therefore becomes a threat.
The same goes for your website. If you are on a shared hosting platform, your site is probably installed on a server with thousands of other sites. No matter what you do to secure your own site, if the server is not secure, the risk of hacking increases. In addition, if just one of the sites on the server is compromised, all sites are at risk. After all, if a burglar manages to break into your neighbor’s apartment, he knows that he is able to gain access to all of the apartments in the building.
HOW TO PROTECT YOUR HOSTING?
Your hosting environment can have multiple impacts on your site, ranging from security to performance. When you expect little traffic, it can be tempting to choose a cheap server, but you could pay for it in the long term. “Cheap is expensive”, as I often like to say.
Therefore, I strongly advise you to choose “managed” WordPress hosting. In a “managed” environment the host takes care of all the technical details, such as creating backups and updating the server, and you have your peace of mind! In practical terms, I recommend that my clients opt for a trusted host, such as DMTwebhosting for example, which places security at the heart of its offer, as indicated on their page: data security and GDPR.
HACKING A WEBSITE VIA A WORDPRESS PLUGIN
Hackers can also access your site through a security hole in a WordPress plugin installed on your site. This happens very frequently.
In the case of your home, you may sometimes bring in people you do not know: a landscaper to take care of the garden, a plumber to repair a leak, or a nanny to babysit. Obviously, you are not going to hire just anyone; you are going to check beforehand that they are trustworthy. Zero risk does not exist.
WordPress plugins (or WordPress extensions) work the same way. Every WordPress site needs plugins to perform different functions, and one of the great advantages of WordPress is that developers are constantly bringing in new features. The problem is that each plugin requires constant maintenance and monitoring. An extension can work perfectly for months, even years, until a security flaw is discovered. This flaw becomes an open door to hackers until the developer releases an update to fix it. If you do not install this update, then you leave your door open to hackers.
KEEP YOUR WORDPRESS PLUGINS AND THEMES UP TO DATE
The best way to avoid security issues related to plugins and themes on your WordPress site is to use an experienced developer to update all plugins every month. It is also recommended to ask your developer to do a little research on a plugin before installing it. He can then consult the reviews, as well as the profile of the developer behind the plugin, before deciding whether it is trustworthy.
Always keep an eye on your plugins, in case the creator stops updating them. One of the main dangers for your WordPress site is an abandoned plugin. Ultimately, WordPress will eventually delete an abandoned plugin, but only after finding a major violation on a large number of websites. Recently, a flaw was discovered in the Duplicate Page plugin, and more than 800,000 websites have been affected.
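The monthly review described above can be partly automated. The following Python sketch is an added example, not code from this article: it flags plugins that have an update pending and plugins whose last release is old enough to suggest abandonment. The inventory format, the plugin slugs and the 730-day threshold are all assumptions made for the illustration.

```python
from datetime import date

# Constructed inventory. The field names are assumptions for this example;
# fill them from your own tooling (admin export, plugin directory pages).
INVENTORY = [
    {"slug": "example-forms", "installed": "3.9.2", "latest": "3.10.0",
     "last_release": "2024-02-20"},
    {"slug": "example-gallery", "installed": "1.4", "latest": "1.4.0",
     "last_release": "2020-06-01"},
    {"slug": "example-seo", "installed": "7.1.3", "latest": "7.1.3",
     "last_release": "2024-01-15"},
]

def version_key(version):
    """Turn '3.10.0' into (3, 10) so versions compare numerically.

    Comparing the raw strings would rank '3.9.2' above '3.10.0' and hide
    the pending update. Non-numeric parts count as 0; trailing zeros are
    dropped so '1.4' equals '1.4.0'.
    """
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit_plugins(inventory, today, stale_after_days=730):
    """Return {slug: [issues]} for plugins that need attention.

    today is an ISO date string; stale_after_days is an assumed threshold.
    """
    now = date.fromisoformat(today)
    findings = {}
    for plugin in inventory:
        issues = []
        if version_key(plugin["installed"]) < version_key(plugin["latest"]):
            issues.append("update available")
        age_days = (now - date.fromisoformat(plugin["last_release"])).days
        if age_days > stale_after_days:
            issues.append("possibly abandoned")
        if issues:
            findings[plugin["slug"]] = issues
    return findings

if __name__ == "__main__":
    for slug, issues in audit_plugins(INVENTORY, "2024-03-12").items():
        print(f"{slug}: {', '.join(issues)}")
```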
PROTECT YOUR WORDPRESS SITE BY KEEPING IT UP TO DATE
In addition to WordPress plugins and themes, you should also keep your version of WordPress up to date. Monthly or quarterly, a new version of WordPress is published and often includes security fixes. Before updating to the latest version, always ask your developer to test it in a test environment. This gives you the opportunity to discover a possible problem – for example compatibility problems with the plugins you have installed – before the change goes live on the site.
SECURE ALL YOUR SITES WITHOUT EXCEPTION
As the owner of a “small website”, you may be telling yourself that you have nothing valuable to protect, and therefore nothing worth stealing. In that case, why would a hacker care about me? Unfortunately, it doesn’t work like that. Quite the contrary, since “little WordPress” sites actually make easy targets, and give access to the visitors of said site. Once your visitors are exposed to the hacker, they become new easy targets, and so on. It is therefore essential for any owner to protect their WordPress site correctly, and regularly.
ZERO RISK DOES NOT EXIST
As you can see, there are effective solutions that are relatively simple to implement to prevent the vast majority of hacking risks. However, to conclude this article dedicated to WordPress site security, I would like to recall that zero risk does not exist. Indeed, even if you have all the best plugins and security software, you are never completely immune to discovering one morning that your website has been hacked, as happened to me. Therefore, the most effective means remains and will always remain you! Or if you prefer: your vigilance, your daily monitoring of the website, and your experience! And if you can’t do it yourself, it’s best to leave it to professionals.