WordPress websites have always been a sweet target for hackers and script kiddies looking to have some fun by damaging and defacing websites. Back in July 2014 the popular plugin “MailPoet Newsletters” was exploited to cause damage to over 50,000 sites across the web. For a hacker, it’s also worth investing money and time in identifying vulnerabilities: millions of sites around the globe use WordPress, and a compromise that works on one of them can be repeated against every other site with exactly the same vulnerability.
The website WPvulndb.com lists all the known exploits and vulnerabilities and categorizes them under WordPress Core, Plugins and Themes. This article explains how you can check if your WordPress site is exposed and what precautions to take before you fall prey to an attack.
The security company Sucuri tried to contact the programmers, but to no avail. They posted this message on their blog:
“Because of the unresponsive nature of the development team, we’d encourage you to pursue other sources for your own WordPress form needs. There are various options with developers that are extremely responsive and are actively concerned with your security requirements.”
This means that using such a plugin may damage your site’s security and could make you a hacking victim because of the flaws in that plugin. Always install plugins that have good reviews and great ratings, are compatible with your existing version of WordPress, and are frequently updated by an active development team. You can view a plugin’s information and inspect it before integrating it with your site.
Exactly the same applies to WordPress themes. Always read the theme reviews and check the rating before you pick a theme. Also, just because you pay for a theme doesn’t mean that it’s more secure or contains no vulnerabilities; the sole advantage is that you will be able to get hold of the developers to patch or upgrade your theme. Bad coding in themes may slow your website down or leave it open for hackers to exploit.
Always keep WordPress core and all plugins and themes up to date. You can do this manually or, if your web host gives you an auto-installer, you can let the auto-installer update WordPress, the themes and the plugins through a scheduled cron command. Keeping your site in sync with the latest version will prevent hackers from exploiting old vulnerabilities for which a fix is already available. Although this is a very straightforward and easy countermeasure, keeping software updated can go a long way in ensuring security.
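One way to check installed plugins against the versions in which a fix is already available, as an added example that is not part of the original article: it reads the `Plugin Name:` and `Version:` lines from each plugin's header comment under a `wp-content/plugins`-style directory. The plugin slugs, version numbers and the `fixed_in` advisory mapping are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# Matches "Plugin Name: ..." / "Version: ..." lines inside a plugin's header comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)

def version_key(version):
    """'1.2.0' -> (1, 2), so that 1.2 and 1.2.0 compare equal."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def read_header(php_file):
    """Header fields from the start of the file (WordPress reads only the first 8 KB)."""
    head = php_file.read_text(errors="replace")[:8192]
    return {key.lower(): value for key, value in HEADER.findall(head)}

def audit_plugins(plugins_dir, fixed_in):
    """Return (slug, installed, fixed) for plugins older than their fixed release."""
    findings = []
    for plugin in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        for php_file in sorted(plugin.glob("*.php")):
            header = read_header(php_file)
            if "plugin name" not in header or "version" not in header:
                continue  # helper file, not the plugin's main file
            fixed = fixed_in.get(plugin.name)
            if fixed and version_key(header["version"]) < version_key(fixed):
                findings.append((plugin.name, header["version"], fixed))
            break
    return findings

def demo():
    """Constructed sample: two hypothetical plugins and a hypothetical advisory list."""
    fixed_in = {"example-forms": "1.2.4", "example-gallery": "2.9.1"}
    installed = {"example-forms": "1.2.3", "example-gallery": "3.0"}
    with tempfile.TemporaryDirectory() as root:
        for slug, version in installed.items():
            plugin = Path(root, slug)
            plugin.mkdir()
            (plugin / "admin.php").write_text("<?php // no plugin header here\n")
            (plugin / f"{slug}.php").write_text(
                f"<?php\n/**\n * Plugin Name: {slug}\n * Version: {version}\n */\n")
        return audit_plugins(root, fixed_in)

if __name__ == "__main__":
    for slug, installed, fixed in demo():
        print(f"{slug}: installed {installed}, fixed in {fixed} -> update")
```

To use it on a real site, point `audit_plugins` at the site's `wp-content/plugins` directory and fill `fixed_in` from a vulnerability listing.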
Always back up your site regularly and keep a remote backup location in case of a disaster or harm to your site. A remote backup location is ideal so that you “do not keep all of your eggs in 1 basket”. Ensure that your backup isn’t difficult to restore in an emergency. While you can back up pieces of your website separately (e.g. database, documents, images), you can also keep a compressed zip copy of your entire site in a single file. Auto-installer software lets you schedule nightly backups and set the backups to run automatically.
Do not forget to check your site for any known exploits or vulnerabilities before the hackers do. Free online tools such as the Sucuri Website Scanner will scan your site and suggest some security measures. They will also alert you to any major flaws in the system and will even point out any outdated WordPress versions. It is better to scan your site before the hackers do.