WordPress is the number one content management system on the market. It has become so popular over the years that many of the world’s most recognisable websites, like The New York Times, Forbes, and The Wall Street Journal, use it for web publishing today. While the popularity of WordPress has remained relatively constant during recent years, the platform has also been a frequent target for hackers.
How Popular Is WordPress?
WordPress is the number one ranked content management software in the world. It holds a market share of 59.3% and currently powers over 17 million websites. The latest version of WordPress, released in August 2016, has already been downloaded 3.8 million times. However, WordPress has not always been in the spotlight for the right reasons. The platform has been revealed to be vulnerable to targeted attacks, and WordPress has found itself at the centre of some of the most high-profile security breaches in the last few years.
How WordPress Accounts Get Hacked
WordPress is a free, open-source and highly flexible content management platform. This makes WordPress attractive not only to prospective users but to hackers as well. In 2011 WordPress suffered a large-scale data breach that left 18 million WordPress accounts compromised. In 2014, 162,000 WordPress sites were used for a Distributed Denial of Service (DDoS) attack, and earlier this year outdated WordPress sites were revealed as the sources of the notable Panama Papers breach.
Most of the time, blog users and owners of websites powered by WordPress are not fully aware of how these attacks happen. One of the most common culprits is the platform’s free plugins. Since anyone can write and distribute third-party plugins, these WordPress components are prone to different vulnerabilities. WordPress sites have also been known to suffer Brute Force Attacks and DDoS attacks. The former refers to simple trial-and-error attempts at gaining access to private accounts by guessing usernames and passwords, while the latter happens when several malware-infected systems attack a single target.
How to Prevent Attacks
While safety is unfortunately never fully guaranteed, there are a number of steps that WordPress users can take to minimise the risk of attacks. To prevent attacks resulting from vulnerable plugins, users are advised against downloading plugins from suspicious or untrustworthy sources, as these are more likely to contain malware. The best form of prevention against Brute Force Attacks is using long, complex passwords. WordPress users can minimise the risk of DDoS attacks by choosing a secure host provider, installing the official WordPress AntiDDoS plugin and using the latest version of the CMS.
WordPress also offers an array of plugins that function as malware scanners, such as Sitesassure WP Malware Scanner, Sucuri Security, and Quttera Web Malware Scanner. Lastly, WordPress users should remember to back up their WordPress sites and databases regularly. This can be done manually or by installing one of WordPress’s automatic backup plugins such as UpdraftPlus Backup, Restoration, VaultPress, BackupBuddy or BackWPup.
For more on WordPress take a look at this infographic from Skilled.co that contains 28 surprising facts about the number one content management system in the world.