WordPress websites have always been a sweet target for hackers and script kiddies looking to have some fun at the cost of damaging and defacing websites. In July 2014 the popular plugin "MailPoet Newsletters" was exploited to cause damage to over 50,000 websites across the internet. For a hacker, it is also worth investing time and money in identifying vulnerabilities: millions of sites across the world use WordPress, and a compromise that works on one of them can often be repeated on other sites with the same vulnerability.
The website WPvulndb.com lists all the known exploits and vulnerabilities and categorizes them under WordPress Core, Themes and Plugins. This article explains how you can test if your WordPress site is vulnerable and what precautions to take before you fall prey to an attack.
Plugins
In August 2014, a flaw in the Custom Contact Forms plugin allowed alterations and modifications to the database. This affected thousands of websites which had downloaded and used that plugin. The security company Sucuri tried to contact the developers, but to no avail. They finally posted this message on their blog:
"Due to the unresponsive nature of the development team, we'd encourage you to pursue other sources for your WordPress form needs. There are various options with developers that are very responsive and are actively concerned with your security needs."
Many free plugins for WordPress may be outdated, vulnerable, badly coded or no longer supported by an active development team. Using such a plugin may be detrimental to your website's security, and its flaws may lead to your site being hacked. Always install plugins which have good reviews and good ratings, are compatible with your current version of WordPress, and are regularly updated by an active developer team. You can see a plugin's details and inspect them before integrating it with your website.
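The compatibility check described above can be run against plugins that are already installed. The following is an added example, not code from the original article: it reads the "Tested up to" and "Requires at least" lines of each plugin's readme.txt (the standard WordPress plugin readme format) and flags plugins that were not tested with the WordPress version the site runs. The plugin names, the temporary directory and the site version "4.0" are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Header lines of the standard WordPress plugin readme.txt format.
HEADER = re.compile(r"^\s*(Tested up to|Requires at least)\s*:\s*(.+?)\s*$", re.I | re.M)

def version_tuple(v):
    """'4.0' -> (4, 0, 0), so '4' and '4.0.0' compare as equal."""
    parts = [int(x) for x in re.findall(r"\d+", v)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_plugins(plugins_dir, wp_version):
    """Return {plugin_dir_name: [findings]} for plugins that need review."""
    site = version_tuple(wp_version)
    report = {}
    for plugin in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        findings = []
        readme = next((f for f in plugin.iterdir() if f.name.lower() == "readme.txt"), None)
        if readme is None:
            findings.append("no readme.txt, tested WordPress version unknown")
        else:
            text = readme.read_text(encoding="utf-8", errors="replace")
            headers = {k.lower(): v for k, v in HEADER.findall(text)}
            tested = headers.get("tested up to")
            if tested is None:
                findings.append("no 'Tested up to' header")
            elif version_tuple(tested)[:2] < site[:2]:  # compare major.minor only
                findings.append(f"tested up to {tested}, site runs {wp_version}")
            requires = headers.get("requires at least")
            if requires and version_tuple(requires) > site:
                findings.append(f"requires WordPress {requires} or newer")
        if findings:
            report[plugin.name] = findings
    return report

def build_sample_dir():
    """Constructed sample data: three made-up plugin directories."""
    root = Path(tempfile.mkdtemp(prefix="wp-plugins-"))
    samples = {
        "current-forms": "=== Current Forms ===\nRequires at least: 3.5\nTested up to: 4.0\n",
        "stale-gallery": "=== Stale Gallery ===\nRequires at least: 2.8\nTested up to: 3.2.1\n",
    }
    for name, readme in samples.items():
        (root / name).mkdir()
        (root / name / "readme.txt").write_text(readme, encoding="utf-8")
    (root / "no-readme").mkdir()
    (root / "no-readme" / "plugin.php").write_text("<?php // Plugin Name: No Readme\n")
    return root

if __name__ == "__main__":
    for name, findings in audit_plugins(build_sample_dir(), "4.0").items():
        print(name, "->", "; ".join(findings))
```

On a real site, point `audit_plugins` at the `wp-content/plugins` directory and pass the installed WordPress version. A flagged plugin is a prompt to check its update history and reviews, not proof that it is vulnerable.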
Themes
The same applies to WordPress Themes as well. Always read the theme reviews and see their rating before you choose a theme. Also, just because you pay for a theme does not mean that it is more secure or has no vulnerabilities. The only advantage is that you will be able to contact the developers to patch or update your theme. Bad coding in a theme may slow your site down or open it up for hackers to exploit.
Update
Always keep your WordPress major version and all other themes and plugins up to date. You can do this manually or, if your web host provides you with an auto installer, you can allow the auto installer to update WordPress, the themes and the plugins through a scheduled cron command. Keeping your site in sync with the latest version will prevent hackers from exploiting old vulnerabilities for which a fix is already available. Although this is a very simple and easy counter-measure, keeping software updated can go a long way in ensuring security.
Backup
Always back up your site regularly and maintain a remote backup location in case of a disaster or damage to your site. Keeping a remote backup location is ideal, so that you "do not keep all your eggs in one basket". Make sure that your backup is easy to restore in the event of an emergency. While you can back up parts of your website separately (e.g. database, files, images), you can also have a compressed zip backup of your entire website in a single file. Auto installer software allows you to schedule nightly backups so that they happen automatically.
Testing
Don't forget to test your website for any known exploits or vulnerabilities before the hackers do. Free online tools like Sucuri Website Scanner will scan your website and suggest some security measures. They will also alert you to any major flaws in the system and will indicate any outdated WordPress versions.