Greetings from Allan at MindVisionmedia.net and I hope this post finds you all well!
Recent revelations have disclosed that with WordPress reaching record numbers in popularity, the threat of hackers and those who have nothing better to do than infringe and impose on the hard work of others has increased.
Over 75 million websites now use WordPress, that’s pretty impressive for an open-source development project that started out as a tool for Blogger’s!
In a recent article by Imperva, WordPress sites are attacked almost 25% more than any other CMS. Why is that you may be asking, part of the reason is because it is a free tool accessible to not just fortune 500 companies and high-level entertainers, but also to the everyday Joe and Jane who know nothing about websites and may not be Internet savvy enough to know the dangers of starting a website or Blog.
Of course its safe for the most part, but there are hidden dangers lurking just behind all those cute little pictures, graphics and stories on your website or Blog.
Anybody can copy and paste some images or install a plugin to put up a website. But far too many users don’t research or know what the risks are once you open up your life and the life of your visitors and users to the world. Self-proclaimed webmasters often think they have it all down pat, that they don’t need to know anything other than copy and paste, that they don’t need advice or skills beyond that but many have learned the hard way and continue to do so.
According to research, alerts and articles from companies like Imperva and Wordfence, attacks are on the rise partly because of the relaxed, comfort mentality many feel once they set up a website. I am here to tell you there’s more to a WordPress website than having a pretty site with bells and whistles. Not only do you need to know about other skills like HTML, CSS and PHP as well as server-side functions and settings, but having a broad knowledge of security is a must in today’s Internet driven society. Otherwise it’s not a matter of if, but when you will be compromised.
WP experiences 60% more XSS incidents which is a type of security vulnerability which allows attacker’s to inject external client-side code on a website. 48% of all attacks are against retail-type applications, Blogs with many users and login functionality suffer almost 60% of these attacks and more than 60% suffer an SQL attack. Comment spam remains a major thorn in many a side too these days and it can be a nightmare to get rid of if it infects your database and user tables.
What can you do? For one, I used to create passwords that I could remember, but now with so many accounts for this and that, it has become almost impossible for me to remember all of them. Now with experience in matters of site security and helping others with the same, I create passwords that are impossible for me to remember let alone a hacker to figure out, called “strong passwords“.
This helps a great deal but it doesn’t stop there. Changing that strong password periodically helps as well as having good reputable security plugins and themes installed. Old themes and plugins leave cracks in your security so always update right away if the update won’t break your site or have major conflicts with the normal function of your site that is. If so, search for an alternative but know that occasionally it may be best to eliminate that conflicting plugin altogether.
Always research the update to know before hand if a conflict is expected, check the log files and change log of that plugin or theme to see exactly what they changed. In some cases as with the popular Responsive Theme in recent updates, an update can break your site and cause all types of problems. Also, install an SSL certificate if you do a lot of e-commerce or user registration, this will help protect valuable personal information from you and your customers and registered users.
Your web host should be reliable and accessible 24/7 to address issues with security and also provide updates and notices about current threats. They should provide you with information about their efforts to fight such threats openly and in a timely manner. After all, one site can infect an entire server so it is in their best interest to educate and work with their clients to ensure everyone is protected.
And don’t forget, keeping your personal computer safe is part of maintaining a website too, an often overlooked aspect of site security. if your computer is infected and you are uploading files to and from your site, guess what, you’re spreading the infection! Other than that, always keep a recent backup of your site and database in case of the worst scenario.