Top 3 security issues for WordPress sites
WordPress security has become a huge topic in the last couple of years, and the more time passes, the more we talk about it. According to Google's statistics, security is the biggest issue for web sites these days. That's why we decided to write an article about the top 3 security issues for WordPress that we see in our daily routine when working with customers who use WordPress as the platform for their web sites. We list them below. All of them are important, and most of the compromised web sites we have seen were compromised because of them. All WordPress users must be aware that even the best WordPress hosting can't prevent a compromise if they are running a vulnerable WordPress setup.
Issue Number One
Plain and simple: running an outdated installation. That includes the WordPress core, the plugins you have installed and the themes.
Update all of the above on a regular basis, or enable automatic updates by editing the WordPress configuration file wp-config.php. The second option is much easier to implement. You can read more and find out how to secure your WordPress web site.
Issue Number Two
Using a very easy-to-guess password, which can be found by the spiders that scan for WordPress web sites and hit them with brute-force attacks 24/7.
Use a hard-to-guess password that includes letters, capital letters, numbers and symbols. Make sure the password has at least 8 characters. Then restrict the admin area to your IP only. You can find out how to do that at https://www.scalahosting.com/blog/secure-wordpress-web-site/.
Issue Number Three
Permissions. By default, all uploaded files have permissions of 644. That means any account on the server can read the file and see its content. When that file contains the MySQL login details used by WordPress to connect to the database server, this becomes a huge issue and an open door for hackers. They can steal the login details and use them to change the admin user password, or just add a new user and access your backend.
Make sure the wp-config.php file has permissions of 600 or 400. That way your account will be the only one that can read the file and you will be safe.
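The permission check described above, as a POSIX shell script (an added example, not part of the original article). The function names, the `--audit` flag and the demo site directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten wp-config.php permissions under a web root.

# Print every wp-config.php under directory $1 that grants ANY permission
# bit to group or other (e.g. 644). Uses only POSIX find predicates.
find_exposed_configs() {
    find "$1" -type f -name wp-config.php \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Set each exposed file to 600 (owner read/write only) and report it.
# Files already at 600 or 400 are not matched, so they are left untouched.
harden_configs() {
    find_exposed_configs "$1" | while IFS= read -r cfg; do
        chmod 600 "$cfg" && printf 'tightened to 600: %s\n' "$cfg"
    done
}

# Constructed demo tree: three hypothetical sites with modes 644, 600, 400.
# Prints the path of the temporary root directory.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    for site in site-a site-b site-c; do
        mkdir -p "$root/$site"
        printf '<?php // constructed sample, no real credentials\n' \
            > "$root/$site/wp-config.php"
    done
    chmod 644 "$root/site-a/wp-config.php"   # the upload default from the text
    chmod 600 "$root/site-b/wp-config.php"
    chmod 400 "$root/site-c/wp-config.php"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh --audit /path/to/webroot   (report, then fix)
if [ "${1:-}" = "--audit" ] && [ -d "${2:-}" ]; then
    echo "Exposed wp-config.php files:"
    find_exposed_configs "$2"
    harden_configs "$2"
fi
```

Mode 600 or 400 only works when PHP runs as the account that owns the file (for example under suEXEC or a per-user PHP-FPM pool); if the web server runs as a different user, it will no longer be able to read wp-config.php.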
If you are not comfortable doing the work yourself, you can contact our technical support team and we can do it for you for a small extra fee, or you can try to find a WordPress developer to do it for you. A guide that can help you find a WordPress developer can be found at https://www.dart-creations.com/wordpress/wordpress-tips-and-tricks/wordpress-developers-for-hire.html