WordPress websites are vulnerable and have been for a while. Here’s an article if you’d like to learn what hackers do with your hacked website. But why use WordPress? Mainly because the WordPress platform is so popular and common!
WordPress websites make up over 27% of the internet.
Anyone can write tools for WordPress, and this is great and challenging at the same time. Not all plugins, themes, and other add-ons will be problem-free or built to the same standards as others. All it takes is one popular, well-used plugin with security problems to affect a lot of websites.
Remember though that because WordPress is built around a community of dedicated folks, this community is always upgrading and improving the core of WordPress. They are finding exploits and patches to fix them. When other developers build very useful tools that work with the main WordPress platform and maintain updates and patches, everything can sync and work great. This is only if you keep everything updated on your end!
The WordPress Core, the foundation of a WordPress website, is a secure piece of software. It’s what you place on top of this platform that can cause problems: a theme that hasn’t been updated in a year, multiple plugins that haven’t been updated in months, and multiple other things.
Here are some great steps to make sure your website stays safe (or to prevent many malware attacks):
Limit access to your site:
Keep the number of people who have administrative access to your WordPress site to a minimum.
You should also keep the number of possible entry points, such as extra outdated Themes, to a minimum.
As a rule, you should only install web applications that you need and use. Remove any unused plugins and themes.
Note that when you install WordPress from certain web hosting companies, they will bundle a lot of extra plugins and themes. Be sure to remove as much as you can, especially if you aren’t using them.
If you have installed one version of WordPress, don’t try and run multiple versions of WordPress. Having multiple versions makes you vulnerable to an attack and they are also very hard to keep maintained.
Maintain reliable backups. You should verify the integrity of your backups on a quarterly basis to make sure that you can restore your website if it is damaged. Have a plan to recover your website if it is compromised and document this plan. This can include doing a monthly check on your site, making sure it functions correctly, forms work properly, and links go to their correct destinations.
Stay Up To Date
Do your best to stay current with your WordPress installation and updates, including plugins and themes. We recommend updating the theme, plugin, and WordPress itself once a month, at minimum.
Do not get plugins/themes from sources that are not trusted. Googling for a free version of a premium plugin is a recipe for disaster. Malicious people and organizations distribute what are known as ‘nulled’ plugins and themes, which may offer the premium plugin’s features but bundle them with harmful code (malware).
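The checklist above (few administrators, no unused plugins or themes, no pending updates) can be checked in one pass. The script below is an added example, not part of the original article: it reads the JSON that WP-CLI's `wp plugin list`, `wp theme list` and `wp user list --role=administrator` print, and falls back to constructed sample data when `wp` is not installed. The administrator threshold and all sample names are assumptions.

```python
import json
import shutil
import subprocess

MAX_ADMINS = 2  # assumed threshold; the article only says "a minimum"

def wp_json(args, path):
    """Run a WP-CLI listing command and parse its JSON output."""
    cmd = ["wp", *args, "--format=json", f"--path={path}"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return json.loads(out)

def audit(plugins, themes, admins, max_admins=MAX_ADMINS):
    """Turn parsed WP-CLI listings into a list of findings to act on."""
    findings = []
    if len(admins) > max_admins:
        names = ", ".join(a["user_login"] for a in admins)
        findings.append(f"{len(admins)} administrator accounts: {names}")
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for item in items:
            # Only "inactive" means unused: must-use plugins, drop-ins and
            # parent themes report other statuses and are still loaded.
            if item["status"] == "inactive":
                findings.append(f"unused {kind}, remove: {item['name']}")
            if item["update"] == "available":
                findings.append(
                    f"{kind} update pending: {item['name']} {item['version']}")
    return findings

# Constructed sample data in the shape WP-CLI prints (names are made up).
SAMPLE_PLUGINS = [
    {"name": "example-forms", "status": "active", "update": "available", "version": "5.1"},
    {"name": "example-gallery", "status": "inactive", "update": "none", "version": "1.7"},
]
SAMPLE_THEMES = [
    {"name": "example-site-theme", "status": "active", "update": "none", "version": "2.0"},
    {"name": "example-old-theme", "status": "inactive", "update": "available", "version": "1.2"},
]
SAMPLE_ADMINS = [{"user_login": n} for n in ("owner", "editor1", "agency")]

if __name__ == "__main__":
    if shutil.which("wp"):
        root = "."  # assumption: run from the WordPress root directory
        result = audit(wp_json(["plugin", "list"], root),
                       wp_json(["theme", "list"], root),
                       wp_json(["user", "list", "--role=administrator"], root))
    else:
        result = audit(SAMPLE_PLUGINS, SAMPLE_THEMES, SAMPLE_ADMINS)
    print("\n".join(result) or "no findings")
```

Running it as part of the monthly update routine gives a short list of what to remove and what to update.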
Security Updates and News
All software has vulnerable points, and WordPress is no different. To stay current, we recommend subscribing to the newsletters of Wordfence and other security plugins. Blue Deer Forest offers a WordPress Monthly Security Plan that takes care of all updates, creates frequent backups, and monitors your site via security plugins. Contact us if you’d like to sign up and worry less!