With WordPress running on 1 in 5 sites on the Internet, it is no surprise that WordPress sites are a very popular target for both experienced hackers and script-kiddies alike. The following are a few measures that can be taken to address some basic security holes or malpractices that are commonly present in thousands of WordPress sites.
Running the Latest Version of WordPress
Running the latest version of any software is probably the first and most obvious security measure that should be taken. However, with over 86% of WordPress installations running outdated versions of WordPress, this point is still one that needs to be stressed.
Each update of WordPress not only brings with it new features, but more importantly, it brings with it bugfixes and security fixes, which help your WordPress site remain safe against common, easy-to-exploit vulnerabilities.
Running the Latest Versions of Themes and Plugins
Running the latest version of WordPress alone is not enough – your site’s plugins and themes could still contain vulnerabilities that can compromise the security of your WordPress site.
The Slider Revolution plugin is a good example of how outdated plugins and themes can compromise your site’s security. Slider Revolution is a very popular WordPress plugin which also happens to be used by a large number of WordPress themes sold on the Envato Market. The vulnerable plugin allowed malicious users to steal database credentials, which would then potentially allow total compromise of the WordPress site through its database.
Therefore, making sure that the themes and plugins you are running are all updated to their latest versions is essential. By keeping your plugins and themes up to date, you can make sure your site is covered with the latest security updates.
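A plugin that ships inside a theme lives under wp-content/themes rather than wp-content/plugins, so a version inventory has to cover both directories. The following is an added example, not code from the original article or from WordPress: it reads the standard "Plugin Name" and "Version" header fields from PHP files and reports copies below a minimum version that you supply yourself. The plugin name "Example Slider", the paths and the version numbers are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress identifies a plugin by a comment header in one of its PHP files.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$",
                    re.MULTILINE | re.IGNORECASE)

def read_plugin_header(php_file):
    """Return (name, version) if the file carries a plugin header, else None."""
    with open(php_file, "rb") as fh:
        head = fh.read(8192).decode("utf-8", "replace")  # headers sit at the top of the file
    fields = {key.lower(): value for key, value in HEADER.findall(head)}
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "unknown")

def version_tuple(version):
    """'4.1.4' -> (4, 1, 4), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def inventory(wp_root):
    """List (origin, relative path, name, version) for every plugin copy found."""
    content = Path(wp_root) / "wp-content"
    rows = []
    for area, origin in (("plugins", "installed"), ("themes", "bundled in theme")):
        folder = content / area
        for php in sorted(folder.rglob("*.php")) if folder.is_dir() else []:
            found = read_plugin_header(php)
            if found:
                rows.append((origin, php.relative_to(content).as_posix(), *found))
    return rows

def below_minimum(wp_root, minimum_versions):
    """minimum_versions maps plugin name -> lowest version you accept (your own list).
    A copy whose version cannot be read is reported as well."""
    return [row for row in inventory(wp_root) if row[2] in minimum_versions
            and version_tuple(row[3]) < version_tuple(minimum_versions[row[2]])]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree, not a real site
        bundled = Path(root, "wp-content/themes/example-theme/inc/example-slider/slider.php")
        bundled.parent.mkdir(parents=True)
        bundled.write_text("<?php\n/*\n * Plugin Name: Example Slider\n * Version: 4.1.4\n */\n")
        Path(root, "wp-content/plugins").mkdir()
        for row in below_minimum(root, {"Example Slider": "4.2.0"}):
            print("OUTDATED", row)
```

Take the minimum versions from the plugin vendor's own security advisories and point the functions at the document root of the site you are auditing.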
Acunetix performs WordPress security scans: it identifies WordPress installations and launches version-specific security checks to ensure your website is secure.
Part 2 in the series on WordPress Security will discuss Plugins and Themes