WordPress dominates the internet space by powering over 40% of all websites. As such a giant in the web design industry, it has also become a target for many hackers. Here are the top 5 ways in which you may be vulnerable and how you can protect your WordPress website:

1. DDoS Attack

A DDoS (distributed denial-of-service) attack is when a collection of computers or servers accesses your website all at once. This sudden barrage of traffic will overload your website and can slow it down or take it offline completely. There are a few measures you can take to prevent this from happening, but the easiest, and arguably most effective, solution is to use Cloudflare.

Cloudflare is a freemium service that acts like the bouncer outside of a nightclub. If too many users try to enter at once, it can slow down the traffic by rejecting questionable users or known bad actors, or by quizzing them to make sure they can enter. Setting up Cloudflare takes mere minutes and will even generally speed up your website.

2. Malware

Malware is a piece of code that can be maliciously added to your website and make it function in unintended ways. Common examples of malware we see on websites include:

  • Redirects to malicious websites, so that when someone visits your website they are redirected to another website that can be used to steal personal information.
  • Your website can be used to send out large amounts of spam. The more websites hackers can load their malware onto, the larger the reach of their spam emails.
  • Your website can be used to DDoS another website! Hackers will load their malware on countless websites and use them to overwhelm their target website, taking it offline.

Our favourite tool to prevent malware is WordFence, a freemium plugin that will scan your WordPress website for malware and alert you if anything malicious is found. WordFence does this by comparing your theme and plugins with the original code, or by detecting known malware within your website.
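The comparison against original code described above, as an added example (not WordFence's code and not from the original article): it hashes a known-good copy of a plugin and reports which files in the installed copy were changed, added or removed. The directory names, file names and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_to_original(original: Path, installed: Path) -> dict:
    """Report files that differ between a pristine copy and the live copy."""
    good, live = hash_tree(original), hash_tree(installed)
    return {
        "modified": sorted(f for f in good if f in live and good[f] != live[f]),
        "added": sorted(f for f in live if f not in good),
        "missing": sorted(f for f in good if f not in live),
    }


def build_demo(base: Path) -> tuple:
    """Create a constructed 'original' plugin and a tampered 'installed' copy."""
    files = {"plugin.php": "<?php // main file\n", "inc/helper.php": "<?php // helper\n",
             "readme.txt": "Demo plugin\n"}
    original, installed = base / "original", base / "installed"
    for root in (original, installed):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Constructed tampering: one file altered, one unknown file dropped in, one deleted.
    (installed / "plugin.php").write_text("<?php // main file\n// unexpected extra line\n")
    (installed / "inc/cache.php").write_text("<?php // not part of the original\n")
    (installed / "readme.txt").unlink()
    return original, installed


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        original, installed = build_demo(Path(tmp))
        return compare_to_original(original, installed)


if __name__ == "__main__":
    print(run_demo())
```

Files in the "added" list deserve the closest look, because a file that was never part of the original plugin has no legitimate reason to be there.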

3. Brute-Force Attack

A brute-force attack is when a hacker attempts to break into your WordPress website by using a list of commonly used passwords, or passwords that were leaked in a previous hack. They will use a program that runs through the list of passwords until one works and they've gained access to your website. There are three ways we recommend defending yourself against this attack:

  1. Use a complex and unique password for all administrator accounts.
  2. Limit the number of login attempts from each computer or IP address. WordFence offers this feature for free.
  3. Force all administrators to use Two Factor Authentication, so even if a hacker does know the password, they will need a secondary code to gain access to the account. You can add 2FA to your website by downloading the free WP 2FA WordPress plugin.

4. Server Attack

Hackers could break into your website by exploiting vulnerabilities in your web host. They can gain access through open ports on the server or take advantage of known issues in outdated server software. If your WordPress hosting provider doesn't update their environments regularly or uses disreputable software, your WordPress website could be hacked. We recommend hosting your website with reputable hosting providers and staying far away from ones that offer deals that are too good to be true. You will get what you pay for! We recommend WP Engine for hosting your WordPress website design.

5. WordPress Plugins

WordPress plugins are extra features that you can install into your WordPress website to add more functionality. For example, WordFence and WP 2FA are both WordPress plugins that I’ve already recommended in this article and will help secure your website if you install them. You can also install WordPress plugins that add features to your website such as live chat, slideshows and galleries. 

WordPress has a database of 60,000 free plugins, and that doesn’t include the thousands of paid plugins sold by other websites. Plugins can be very useful, but you should remember that they were built by third-party WordPress developers and if they were programmed poorly and are insecure, adding them to your WordPress website can make it vulnerable as well.

We recommend installing as few plugins on your website as possible and making sure that the ones you do install are reputable. Look at how many downloads they have, their reviews, and whether they are constantly being maintained by the developer.