Give me the scare stats
WordPress has long been known to be the number one content management system (CMS) being utilized on the web. A primary reason has been the web development community’s overwhelming adoption of open source coding. Basically, a share and share alike philosophy. According to W3Techs most recent survey, this philosophy has WordPress now powering roughly 28.1 percent of all websites in the world. What this has also lead to however, is that 74% of websites having been infected on the web over the last few months have been WordPress websites. (For real time information, you can find historical trends and statistics at Web Technology Survey’s website.)
Hackers find WordPress cracks to crawl in and hide like the boogey man. But here’s where to look if something goes bump in the night.
We all know getting hacked isn’t fun, but what are some of the signs and how serious can it get? One of the scariest circumstances is not knowing you’ve been hacked. The best-case scenario for a hacker is covering their tracks so they can continue to use your site for drive-by-downloads, redirections (redirecting visitors from your site to a website that could generate income for themselves) or other system resources like your server and hardware for sending out spam emails. But still, what are the signs? The most obvious is when a hacker has vandalized your website, you’ll type in your web address and realize your site is no longer there. A little more unbecoming is when the hacker may redirect traffic to an inappropriate website of their choice. Less noticeable signs may include strange traffic in your web logs, unexplained spikes in traffic, and if you’re lucky- Google or Bing giving you a shout out that your site has been compromised.
What’s in the monster playbook?
Let’s start with the stats. Why are WordPress sites vulnerable? Check out where their entry vulnerabilities lay:
41% Getting hacked through a weakness in your hosting platform
29% Your theme is insecure. Make sure you’re downloading and installing your themes from some reputable source—no bootleg versions!
22% Your plugins are vulnerable. Although not needing custom coding is a huge selling point, it’s also a huge risk having so many (potentially outdated) plugins and software updates on a single platform. (The most attacked plugin comes from Revolution Slider (revslider)).
8% You are part of the weak password club (HINT: the most common password of 2016 was 123456)
Vulnerability is the holy grail of reasons why WordPress gets so much attention from hackers. Knowing that a website is built on WordPress is a guaranteed touchdown because more than half of all successful hacks come from repeatedly shared and implemented WordPress themes and plugins. And it has a sasquatch of a footprint. With this many sites to penetrate what’s a hacker to do but to automate their attacks. Unless you are a large corporation, hackers rarely have a specific reason to be messing with your site. Hence, no matter how small or inconsequential your traffic, you are always a worthwhile target.
How to arm yourself for battle
Before any battle, it’s best to be a little proactive, right? Check your surroundings, size up the enemy…you get the point. Well, with WordPress, being preemptive is key.
First things first: Choose a high-quality hosting provider. The statistics above speak for themselves in showing that a great host has a big impact on the security of your site. What makes a great host, besides fantastic hors d’oeuvre’s? They should perform regular scans and daily backups and support the most up-to-date versions of PHP and MySQL. Offering a WordPress-optimized background and an experienced staff wouldn’t hurt, either. You can find a list of reputable hosts here and here.
Next up to bat: Perform regular backups. Although a good host should do this, already, some of you may want to be extra careful. If you’d like to implement a backup to your backup, click here for some ideas.
Three’s a charm: Fortify your login. Making sure you have a strong password and login information is an easy task, especially after you check out last year’s worst passwords. Change it often and PLEASE avoid using the admin username.
Other than the biggies, make sure you keep an eye on the rest, too:
• Keep WordPress and your plugins up to date
• Hide WordPress version number
• Disable plugin and theme editor
• Turn Off PHP reporting
And remember, if you do get hacked, stay cool, calm, collected…and grab a flashlight. And call us if you can’t sleep at 978-463-0780.