TABLE OF CONTENTS
- So is WordPress really safe?
- Main Reasons for Website Hacks:
- WordPress Security:
- WordPress Basic Security Practices:
- WordPress Plugin Best Practices:
- WordPress Security Plugins:
- List of threats to protect ourselves from :
- List of Plugins for Security:
- WordPress Website Safety Checks:
- Conclusion:
- RELATED ARTICLES:
- SUMMARY:
WordPress is an amazing free platform for anyone to host and start a website from scratch and develop a profitable online business from it. But most of WordPress’s competitors claim that the main problem with WordPress is the security issues that come with it.
So is WordPress really safe?
Yes! Personally, I have been using WordPress for more than 4 years now and I haven’t seen any hack attempts or malicious login attempts on any of my websites yet!
But over these years I have been hearing about numerous vulnerabilities from different plugins which might cause poor performance or a site crash temporarily. Again, my websites haven’t had any such incidents so far.
Is it 100% safe? Close to 100 if we follow the best practices that are listed in this article. Why would big companies like Walt Disney, Backlinko, BBC America, TechCrunch use WordPress if it isn’t safe? Read fully to make sure you have the best website security for your WordPress website.
WordPress Core: The WordPress core consists of all the source files and is maintained by a top-level security team, hence hacking it is nearly impossible.
Main Reasons for Website Hacks:
Would you believe me if I told you that the major causes of WordPress sites being hacked are often preventable?
- Outdated WordPress Version: Outdated versions have vulnerabilities that are public knowledge!
- Outdated Plugins and Themes: More than 60% of hacks happen because of running outdated plugins and themes, which might have multiple vulnerabilities.
- Malicious Login Attempts: Low-quality passwords, or passwords that have leaked for various personal security reasons, are often why some sites get hacked.
- Attacks: Practices like phishing, password theft and brute force attacks are responsible for 16% of hacks.
- Supply chain attacks: This is something that’s very hard to prevent, since the hacker would essentially purchase a WordPress plugin and update its core code with malicious code, so when someone updates the plugin, the hacker gets access to everything.
- Outdated tech/Codes used :
WordPress Security:
WordPress Basic Security Practices:
- Keep really strong passwords
- Have an SSL certificate for your site
- Host the site in a secure provider
- Apply any WordPress updates as soon as they roll out, since the vulnerabilities are public knowledge
- Avoid picking random themes from third party websites and double check the theme’s security level before going ahead with it
- Setup Automatic Backups of your website
- Add two factor authentication for your hosting account and any other backup email accounts so no one can login without your knowledge
- Limit the number of login attempts permitted
WordPress Plugin Best Practices:
- Updated frequently: Choose plugins that are properly maintained
- Popularity and ratings: Chances are you’ll know if the plugin is good or bad based on the ratings and reviews that we see there. Stay away from low-rated plugins
- Third party plugins: Plugins that aren’t in the WordPress plugin directory should be avoided at all costs! I have used some plugins like that for some specific needs, but at least make sure that the developer or the owner of the plugin looks trustworthy
- Update the plugins frequently since updates often come with security patches!
WordPress Security Plugins:
There are numerous plugins available out there to improve our WordPress website security. Let’s explore some of the important ones.
List of threats to protect ourselves from :
- Active security monitoring
- File scanning during upload
- Malware monitoring, detection and removal
- Protection from malware injection
- Blocking out Suspicious IPs Scanning our site for vulnerabilities
- Blacklist monitoring
- Post-hack actions
- Setting up Firewalls
- Brute force attack protection
- Keeping track of failed Login Attempts
- DDoS Attack monitoring and prevention
- DNS Change Detection
- Automatic Backup of all files and database elements
List of Plugins for Security:
Here’s a list of plugins one would need for all of the above :
- Sucuri Security
- iThemes Security
- WP Scan
- All in one WP Security and Firewall : Proper Backups and security
- JetPack : For both performance and security
| Safety Measures | Apps | Alternatives |
| --- | --- | --- |
| DNS Change Detection | Sucuri | |
| Website Uptime Monitoring | Sucuri | |
| Malware monitoring, detection and removal | Sucuri | Wordfence |
| Setting up Firewalls | Sucuri | Wordfence |
| File Change Detection | iThemes Security | Wordfence |
| Brute force attack protection | iThemes Security | Wordfence |
| Lock out bad users | iThemes Security | All in one WP Security & Firewall |
| Blacklist monitoring | iThemes Security | All in one WP Security & Firewall |
| Automatic Backup of all files and database elements | JetPack Security | All in one WP Security & Firewall |
| Activity Log | JetPack Security | |
| Spam Protection for Contact forms and comments | JetPack Security | |
| Email Alerts if site goes down | JetPack Security | |
| One click restoration of site | JetPack Security | |
| File scanning during upload | WP Scan | |
| Look for Plugin Vulnerability | WP Scan | |
| Look for Theme Vulnerabilities | WP Scan | |
| IP filtering to block specific people and geographical locations | All in one WP Security & Firewall | |
| Manage, unblock and block suspicious IPs | All in one WP Security & Firewall | |
With this table it is pretty evident that we do not need more than 3-5 good plugins protecting our WordPress website from all possible attacks. If we just follow the good practices, use these plugins and monitor properly, there’s no need to worry about a site hack!
Remember, WordPress is free, and even if some of these plugins have paid versions, it’s still more affordable than the expensive WordPress rivals, which pretty much offer the same level of security.
WordPress Website Safety Checks:
One can check the safety of a website via the following tools:
- https://validator.w3.org/
- https://ssltools.digicert.com/checker/views/checkInstallation.jsp
- https://sitecheck.sucuri.net/
- https://pentest-tools.com/website-vulnerability-scanning/website-scanner
- https://www.immuniweb.com/websec/
Even if we have everything covered with various plugins and best practices, it’s very important that we check the security of our website using these tools periodically, just to be extra sure that things are protected well. After all, it takes so much effort to build a strong website with good organic reach and brand equity, so we need to make sure that our efforts don’t go in vain.
Conclusion:
So, after reading through this article, we can say for sure that any WordPress website can be well protected and the myths about WordPress security are not true. With proper security checks and plugins in place to guard our website from third party attacks, we conclude that WordPress is in fact very secure!
RELATED ARTICLES:
SUMMARY:
WordPress has a reputation of being insecure, but is that really the case? We have explored the common reasons why WordPress websites can sometimes get hacked, and we have run through all the important plugins that one should have in order to protect their website from any sort of threat!
AUTHOR SECTION
Written by Sai Subramaniam
Sai has over 5 years of experience in digital marketing and SEO, working with over 20 companies to build their online presence. He created digital hope to share important news, updates and strategies related to digital marketing and SEO. Explore the SEO content writing course to get a good grasp on on-site SEO and content writing.