Wordpress security3/2/2023 ![]() Security Configurations – Prevent Directory Listing If you absolutely need to keep inactive users in your WordPress database, change their role to ‘Subscriber’ in order to limit any actions that could be performed. Users, especially Administrators and others which have the ability to modify content, are possibly one of the weakest points of any site because unfortunately, most users tend to choose weak passwords. Keeping inactive users on your WordPress site increases your attack surface. The more downloads and recent updates the plugin or theme has indicates that it is in wide use and that it is being actively maintained by its authors, which means that if a vulnerability is found, it likely to be fixed quicker. This prevents you from installing malware such as the Tools Pack malware plugin.Ĭheck how many downloads the plugin or theme has and when it was last updated by its authors. Before installing a plugin or theme, read about it (ideally on sources other than the plugin/theme developer’s site). When choosing which plugins and themes to use, be selective. By avoiding the installation of unnecessary plugins you would automatically be reducing your site’s attack surface. Plugin enumeration allows attackers to discover what plugins your WordPress site is using. While extending your site’s capabilities and customization is important, it should not come at the price of your website’s security.Įven if your WordPress installation, plugins and themes are all up to date, it does not mean that a site is not vulnerable to attack. WordPress allows you to extend and customize your site with thousands of plugins and themes. 3. Be Selective When Choosing Plugins and Themes However, with over 86% of WordPress installations running outdated versions of WordPress, this point is still one that needs to be stressed.Įach update of WordPress not only brings with it new features, but more importantly, it brings with it bugfixes and security fixes, which help your WordPress site remain safe against common, easy-to-exploit vulnerabilities.Īcunetix performs WordPress security scans, identifying WordPress installations, and will launch version specific security checks to ensure your website is secure. Running the latest version of any software is probably first the most obvious security measure that should be taken. This is why we’ve taken some time to detail some measures which can be taken to address the basic security holes or malpractices that are commonly present in thousands of WordPress sites and can help preventing a WordPress hack. They are also a popular target for malware. ![]() ![]() In 2013 around 90,000 WordPress sites were hijacked for use in a botnet. ![]() With WordPress running on 1 in 5 sites on the Internet, it is no surprise that they are a very popular target for both experienced hackers and script-kiddies alike. Be it due to an insufficient security expertise of the developer, or the use of one of the many plugins available (of which the security cannot be guaranteed). WordPress sites are notoriously lacking when it comes to security, and are often the target of a WordPress hack. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |