How safe is your WordPress site?

May 13, 2017 8:42 am

What is most likely to render your WordPress site vulnerable? The one thing that is most likely to render your WordPress site vulnerable is it’s being outdated. Outdated versions of WordPress, themes, and plugins make a site more vulnerable than you can imagine. Especially to malware attacks.

Safe WordPress site

When an updated form of WordPress is released, it usually comes with essential security updates that some WordPress site owners keep making the mistake of ignoring. To help protect its clients, WordPress ensures that it rolls out security patches in a manner efficient enough to safeguard against any potential attacks. But these updates are useless if you, as a client, refuse to install them.

Plugin and theme vulnerability is something else that can’t be ignored. Because WordPress is open-source, plugins and themes from varied sources have equally varied quality, as well as security loopholes.

How to make your safe WordPress site?

Fortunately, because of how a WordPress site is designed, securing it isn’t as difficult as most would fear it to be. By following some simple steps, you can immediately reassert and maintain the security of your WordPress site.

Update WordPress site
  1. First and foremost, keep WordPress updated: This is the easiest and cheapest way for users to protect their site. Regular patches are delivered by WordPress and it becomes the responsibility of a site owner looking for the best results from his/her WordPress account to regularly monitor and update the site’s core, themes, and plugins. Not only does this protect the site owner, but it also protects the visitors who visit the site daily.
  2. Make sure your WP site is on a secure web hosting service: According to Brendan Wilde, Marketing Manager at Domains4Less, “Many site owners forget that their web host is a key part of their defense in the event their website is attacked. At Domains4Less, we don’t just provide secure web hosting, but also regular backups to ensure our clients can easily recover from any malicious attack…”. To reinforce the safety of a WP site, it’s advisable to extensively research your options of secure web hosts and pick one that has a proven record of keeping sites safe. A reliable host protects a user’s domain, site, and ensures a site can quickly and easily recover from any crash.
  3. Regular Backups: While not an actual security tip, it is still very useful because it ensures your site can easily recover from any damage caused by a security breach. When regular backups are done, a site that has suffered a crash can recover what was lost through the most recent backup, and resume business. Site failures are then less catastrophic.
  4. Strong passwords: This would seem quite obvious but you’d be surprised how many WP site owners use either weak or obvious passwords to protect their sites. A strong password grants your site reinforced security that shields your control panel from unauthorized access. To make a strong password, it’s recommended to make it hard to guess by mixing uppercase and lowercase letters, inserting symbols, numbers and special characters. To further protect your password, it’s advised you have separate passwords for different online accounts.
  5. Limit number of login attempts: You can further secure your WP site by reducing the limit of login attempts by installing the add-on “limit login attempts”. This will limit would-be hackers from repeatedly entering guess passwords into your WP account before they are shut out. The “Limit Login Attempt” tool is also effective because it can block the IP of brute force attackers after repeated failed attempts to gate-crash into your site’s control panel.
  6. Uninstall and delete obsolete or unused themes and plugins: Themes or plugins that are inactive or unused are a potential risk that leaves your WP site highly vulnerable to backdoor attacks. It’s because of this that it is highly recommended you properly uninstall all plugins and themes, and ensure such extensions are erased from the WordPress database.
Strong WordPress password

How to identify vulnerabilities on your WordPress site

You can use the following WordPress scanners to identify and fix your site’s vulnerabilities.

  1. Detectify: This tool has been developed to scan and test your WP site for over 500 possible vulnerabilities. So if your goal is to constantly ensure your site’s security, Detectify would be an ideal tool to have installed.
  2. SUCURI: With SUCURI’s antivirus and firewall, you have access to extensive security solutions such as clean-up, protection, and monitoring. The tool also lets you check for blacklisting status, malware, and site errors.
  3. WordPress Security Scan: This tool is developed by Hacker Target and is capable of testing your WP site for almost 2000 vulnerable plugins. It also tests to see if your version of WordPress is up to date. Other checks it performs include, but are not limited to; web server configuration test, Google safe browsing test, test hosting provider, test iframes, the vulnerability of themes, directory indexing, enable/disabled status of the admin account, and much more.
  4. WP SCANS: This tool takes advantage of the WPScan vulnerability database that contains over 6100 vulnerabilities to detect a vulnerable core, installed theme or plugin.
  5. Security Ninja: This tool comes as a plugin and thoroughly scans your site within 2-3minutes before presenting a comprehensive report of noted vulnerabilities and appropriate solutions.
  6. WP Loop: This tool gives you the power to perform the following checks that’ll protect your site; WP/PHP version disclosure, login enumeration, the EditURL link, and the accessibility status of upgrade.php, HTML, install.php.
  7. Quttera: This plugin is capable of perusing your site for both known and unknown malicious activity by scanning for the following; Blacklisted URL, detected external link, outdated WP core, injected PHP, and other possible hack entries.
  8. Acunetix: This effective tool searches through your site for the following vulnerabilities and provides a detailed report; DOS, SSL, XSS, SQLi, XXE, SSRF, weak admin password, wp-config.php, over 1200 vulnerable WP plugins, and a host of other weak spots.

Armed with the information above, you have come closer to keeping your WordPress site, your business, and your visitors safe from hackers. It’s now up to you to decide to actually implement any or all of the above recommendations and tools. Remember, the security for your WordPress website is your responsibility. Get wise and get a robust security process in place.