WordPress Security Tips: Worried about the security of your WordPress website?

According to W3Techs' July 2019 numbers, WordPress is the most popular CMS for many reasons, and it holds the #1 position with a 61.2% share among all CMSs. In addition, 34.5% of the websites in the world run on WordPress (Reference – W3Techs.com).

This popularity is why WordPress is on the radar of hackers who target CMSs. Wordfence reports that approximately 90,000 attacks happen every minute on WordPress-based sites.

Let's break it down and try to understand what you can do to stop it. But before we dive in, let's make it clear that this article is for non-techie people; if you are a cybersecurity expert, you can skip ahead to the latest research articles.

First, we need to understand the main reasons why WordPress sites get hacked. See the image below for the most important factors (these numbers are based on a study done in 2013 and were updated in 2016) (Reference – www.sucuri.net).

Here is the checklist of what you should do to keep your WordPress site as safe as possible.

1. Update Regularly

  • Always update your WordPress core as soon as an update is available; don't be afraid to update. All final released updates are stable and do not break your website. But just to be on the safe side, run the updates in the order given below.
  • First, check the compatibility of (1) the installed plugins and (2) the theme with the latest released update. You may see updates available for your plugins and themes.
  • Execute the update process in the following order:
    • First – Check for available theme and plugin updates; if there are any, install them first.
    • Second – Take a backup of your website. Don't use a plugin for the backup; do it manually (refer to point # 6 of this post).
    • Third – Update WordPress Core.
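
The update order above, scripted with WP-CLI as an added example (it is not from the original article or from any of the tools it names). It assumes WP-CLI is installed as `wp`; the `WP_PATH` and `BACKUP_DIR` defaults and all function names are illustrative, and the default `DRY_RUN=1` only prints the commands instead of running them.

```shell
#!/usr/bin/env bash
# Added example: themes/plugins first, manual backup second, core last.
# Assumed values (not from the article): WP_PATH, BACKUP_DIR, function names.
WP_PATH="${WP_PATH:-/var/www/html}"        # assumed WordPress install directory
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"  # keep this outside the web root
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print the plan, 0 = execute it

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Step 1: update themes and plugins before touching the core.
update_extensions() {
    run wp --path="$WP_PATH" theme update --all &&
    run wp --path="$WP_PATH" plugin update --all
}

# Step 2: manual backup (database dump plus site files), no backup plugin.
manual_backup() {
    stamp="$(date +%Y%m%d-%H%M%S)"
    run mkdir -p "$BACKUP_DIR" &&
    run wp --path="$WP_PATH" db export "$BACKUP_DIR/db-$stamp.sql" &&
    run tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" -C "$WP_PATH" .
}

# Step 3: update the core, then apply any database changes it needs.
update_core() {
    run wp --path="$WP_PATH" core update &&
    run wp --path="$WP_PATH" core update-db
}

# Stop at the first failing step; the core is never updated without a backup.
safe_update() {
    update_extensions || { echo "theme/plugin update failed; stopping" >&2; return 1; }
    manual_backup     || { echo "backup failed; core NOT updated" >&2; return 2; }
    update_core       || { echo "core update failed; restore from $BACKUP_DIR" >&2; return 3; }
}

# Only acts when explicitly asked to, so sourcing the file is harmless.
if [ "${RUN_NOW:-0}" = "1" ]; then safe_update; fi
```

Run it once with `RUN_NOW=1` to review the printed plan, then add `DRY_RUN=0` to execute it.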

Read the extensive Hacked Website Report by Sucuri, based on a sample of 8000 infected websites, to learn more about the vulnerabilities caused by outdated versions.

2. Avoid too many Plugins

  • Plugins add great functionality to your WordPress core, and that's why it is very tempting to install more and more of them.
  • Install only the plugins you need, and do your research before installing a plugin. Sometimes one plugin can do multiple jobs and you don't need additional plugins.
  • More than 50% of the vulnerabilities of WordPress are because of plugins.
  • Weakly programmed plugins leave doors open for hackers to enter your website. I want to emphasize this point: be careful with all plugins and update them as soon as an update is available.

3. Avoid Weak Passwords

Don't be lazy; take some time to create a strong password. It should be a combination of "caps letters, small letters, numbers, and special characters", because 8% of WordPress websites got hacked because of a weak password. See the above image for the other contributing factors.

4. Be very careful while choosing a Theme

Choose a theme from a very well-known theme maker, so do your research and select a theme that fits your needs. If you only need a simple theme, use one of the default themes provided by WordPress.

If you want to do a lot of customization, buy a premium theme from an established theme maker. www.themeforest.net is a very prestigious website where you can find premium themes for your needs. You can sort them by the functionality you are looking for in your theme.

5. Be very skeptical while choosing your Hosting Server

There are so many hosting companies out there, and I have tried a few of them, but after trying quite a few I have been on HostGator for a very long time. You can also refer to the above image to see why you should be very careful while choosing a host.

6. Backup regularly & save backups at multiple locations

Take backups regularly, better to be safe than sorry!

There are so many plugins that can do this job for you automatically, but I personally do not like to take backups with plugins because they put unnecessary load on the database and make it huge in size over time.

This would be a nightmare when you want to migrate your website from one host to another. Moreover, many plugins on a website make it slower (read the article here on How to make WordPress website fast), and you want a fast and safe website these days, believe me.

7. Last but not least – you need a top-notch security system installed on your website.

You need either Wordfence Security or iThemes Security, punto! Both of them are great security tools and have their own fan base. I personally like Wordfence, but that doesn't mean that iThemes Security is bad or not my choice.

Both of them are available as a free plugin, but if you install one of them and like it, then I think you should go for the premium version, because it has some advanced features which you may need in the future as you grow.

I could write on and on about the #WordPressSecurity topic, but to keep the mission of this blog in mind I am ending this post here.

This blog post is not affiliated with any of the plugins, tools or hosting servers mentioned. The suggestions here are purely based on the author's personal experience and research. The author also does not take any responsibility if you mess up your own website while following anything mentioned here. Do your research and follow your instincts. Comment below if you need more details.
