Secure your WordPress Popularity Security Weaknesses
That WordPress is far more than just another publishing system shows the fact that the likes of eBay and Reuters News are the ones using it.
Since its beginning back in 2003, WordPress has gained such momentum, that it seems it is here to stay for good.
With the title as the most popular website management/ blogging system, WordPress has supported more than 60 million websites, with more than a quarter of the top 10 million websites having its configuration.
So we can’t help but ask:
Where does this Wordpress popularity come from?
The number one reason why so many people love it is its simplicity.
WordPress has gained its reputation as a simple CMS thanks to its ease of use.
Unlike the unnecessary complex hand-coding that non-WordPress sites usually require, WordPress provides an easy-to-use interface that allows users to , for example, change their theme in under 10 seconds, insert a tag within an article without actually opening the said article, or link to the content using the drop-down menu.
But aside its practicality, WordPress has another great side - its creative potential.
Users can choose one out of a number of different themes, designed by both professionals and amateurs, either free of charge or for a small fee.
In short, WordPress allows any user to build a customized site, with all the social sharing, maps, SEO and e-commerce in just a couple of hours.
No wonder WordPress has been such a hit.
But, all this popularity does come at a price.
Recently, WordPress has been the target of many different hacker attacks, exploiting different vulnerabilities of the WordPress system.
But, isn’t WordPress protected against such attacks?
Yes and no.
Though WordPress strives to keep everything safe and sound, there is no way avoiding the glitches, or better to say, vulnerabilities that can stem from certain plugins.
The Structured Query Language Injection targeted precisely one of these vulnerabilities found in one of the most popular WP Statistics plugin, so popular that over 300000 users installed it.
WP Statistics plugin provides information to the WordPress user about the page statistics, including the number of visitors on the page, the number of visitors currently online etc.
The vulnerability stemmed from the lack of sanitization of the data that users provide, which essentially means that anyone with a subscriber account can steal any information from the database and even take over the WordPress site.
And do it all remotely!
This is one of the examples of the vulnerability types that WordPress can exhibit.
And even though the glitch has been fixed with a new WP Statistics plugin, we are left to wonder how many glitches there are and if there is anything we can do to keep our WordPress websites safe.
A few tips on how to keep your WordPress website secure
A standard WordPress login page URL is something that is available to everyone, hence why there are so many brute force attacks.
But URL can be customized by adding extra information at the end of the domain name.
This is the first step to securing your WP site.
The next one is to secure the admin dashboard by using the password.
This makes it that much harder to hack the WordPress site, as there are now two passwords, one for the login page and the other for admin dashboard, which an attacker has to break.
Different plugins can be used to create that second password.
Another great way to secure admin panel is to use the SSL certificate, which secures the information transmitted between the server and user browser.
Next to the URL address and admin dashboard, another point of WordPress that needs securing is database.
As each WordPress database uses a wp-prefix, it is important to customize it, rather than to use a default one.
Thanks to a few plugins, such as WP-DBManager, changing the prefix can be easily done.
The last thing that a WordPress user can do to secure their website is to make sure that their themes and plugins are protected.
The best way to do this is to update regularly.
Though it might be a bit of a bore, as WordPress gets updates more frequently than other software products, it is essential, as these updates often mean fixing bugs including vital security patches.
According to the W3tech report in July 2017