Best State of Art IT Security Solutions
The best Innovative and powerful IT Security products

You are here: SecPoint & IT Security News

Secure your WordPress sites what is the Popularity & its Security Weaknesses


That WordPress is far more than just another publishing system shows the fact that the likes of eBay and Reuters News are the ones using it. Since its beginning back in 2003, WordPress has gained such momentum, that it seems it is here to stay for good.  With the title as the most popular website management/ blogging system, WordPress has supported more than 60 million websites, with more than a quarter of the top 10 million websites having its configuration. So we can’t help but ask:
 

Where does this Wordpress popularity come from?


The number one reason why so many people love it is its simplicity. WordPress has gained its reputation as a simple CMS thanks to its ease of use. Unlike the unnecessary complex hand-coding that non-WordPress sites usually require, WordPress provides an easy-to-use interface that allows users to , for example, change their theme in under 10 seconds, insert a tag within an article without actually opening the said article, or link to the content using the drop-down menu. But aside its practicality, WordPress has another great side - its creative potential.  Users can choose one out of a number of different themes, designed by both professionals and amateurs, either free of charge or for a small fee.
 

In short, WordPress allows any user to build a customized site, with all the social sharing, maps, SEO and e-commerce in just a couple of hours. No wonder WordPress has been such a hit.
 

But, all this popularity does come at a price. Recently, WordPress has been the target of many different hacker attacks, exploiting different vulnerabilities of the WordPress system.
 

Get a free vulnerability scan of your Wordpress site click here

An example of the attack comes in the form of the SQL Injection, an app bug that enables cyber criminals to inject malicious SQL code into the web inputs, allowing them to find out the location and structure of the key database.  What this eventually means is losing a database through stealing or hijacking of the affected site.
 

But, isn’t WordPress protected against such attacks?
 

Yes and no. Though WordPress strives to keep everything safe and sound, there is no way avoiding the glitches, or better to say, vulnerabilities that can stem from certain plugins.
 

The Structured Query Language Injection targeted precisely one of these vulnerabilities found in one of the most popular WP Statistics plugin, so popular that over 300000 users installed it. WP Statistics plugin provides information to the WordPress user about the page statistics, including the number of visitors on the page, the number of visitors currently online etc.  The vulnerability stemmed from the lack of sanitization of the data that users provide, which essentially means that anyone with a subscriber account can steal any information from the database and even take over the WordPress site.  And do it all remotely!
 

This is one of the examples of the vulnerability types that WordPress can exhibit. And even though the glitch has been fixed with a new WP Statistics plugin, we are left to wonder how many glitches there are and if there is anything we can do to keep our WordPress websites safe.
 

A few tips on how to keep your WordPress website secure
 

A standard WordPress login page URL is something that is available to everyone, hence why there are so many brute force attacks. But URL can be customized by adding extra information at the end of the domain name. This is the first step to securing your WP site.  
 

The next one is to secure the admin dashboard by using the password. This makes it that much harder to hack the WordPress site, as there are now two passwords, one for the login page and the other for admin dashboard, which an attacker has to break.  Different plugins can be used to create that second password.  Another great way to secure admin panel is to use the SSL certificate, which secures the information transmitted between the server and user browser.
 

Next to the URL address and admin dashboard, another point of WordPress that needs securing is database.  As each WordPress database uses a wp-prefix, it is important to customize it, rather than to use a default one. Thanks to a few plugins, such as WP-DBManager, changing the prefix can be easily done.
 

The last thing that a WordPress user can do to secure their website is to make sure that their themes and plugins are protected. The best way to do this is to update regularly. Though it might be a bit of a bore, as WordPress gets updates more frequently than other software products, it is essential, as these updates often mean fixing bugs including vital security patches.

According to the W3tech report in July 2017

The most popular CMS systems are as follows:

Wordpress: 59,2 %.
Joomla: 6,9 %.
Drupal: 4,7 %.
Magento: 2,5 %.
Blogger: 2,1 %.
Shopify: 1,5 %.
TYPO3: 1,5 %.
Bitrix: 1,5 %.
Prestashop: 1,3 %.
Squarespace: 1,3 %.

 

 

Powerful UTM Firewall, Vulnerability Scanner, WiFi Penetration Testing software

SecPoint is specialized to deliver the best IT security solutions and products.

Compatible with Product
Securely protected by SecPoint
Customer reference King Customer reference New York Customer reference ROC Customer reference Rochdale Customer reference Roscrea Customer reference Tradetracker Customer reference Unicef Customer reference King Customer reference New York Customer reference Roc Customer reference Rochdale Customer reference Roscrea Customer reference Tradetracker Customer reference Unicef