Here are five minimum security precautions to take when managing a WordPress site. In our experience, these alone stop more than 90% of hacking attempts.


5 minimum security precautions for WordPress

WordPress Doctor considers the following five precautions the minimum to take when operating a WordPress site.
We estimate the probability of a WordPress site being hacked at about 1 in 200 sites per year; taking these precautions reduces that probability to less than one tenth.
(Attackers do not bother with sites that are even slightly difficult to break into, because there are plenty of other sites that are easy to compromise.)

1 Do not leave vulnerabilities unpatched
2 Use complex login passwords
3 Remove unused themes and plugins
4 Switch your site to SSL (HTTPS)
5 Apply all of the above to every site on the server

1 Do not leave vulnerabilities unpatched


The number one cause of WordPress sites being hacked is vulnerabilities in the program files that make up the site (WordPress core, themes and plugins), accounting for about 60% of cases.
The second most common cause is weak login passwords (about 20%), and the third is server vulnerabilities (about 10%). (If you are on a shared server, the provider patches the server itself and a breach through a server vulnerability is unlikely, so for practical purposes you can treat about 70% of compromises as coming from vulnerable program files.)

Attackers use automated tools that try one known WordPress vulnerability after another against tens of thousands of sites, over and over.

Vulnerabilities in the program files of a WordPress site are dealt with in the following two ways.

1 Update WordPress core, themes and plugins regularly (at least once every six months).

*If you are worried that updating the production site will break something, the usual approach is to set up a staging copy of the site, test the update there, and then apply it to production.

2 Deactivate and delete plugins that have been closed or removed from the official WordPress.org plugin directory.

*You can also scan for vulnerabilities and malware with a plugin. Please feel free to try ours:
[Free] WordPress: Malware Scan & Security Plugin [Malware and Virus Detection and Removal]
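To make steps 1 and 2 above concrete, here is an added example (written for this page, not code from WordPress Doctor or its plugin) of the check an update audit performs: read the Version header that WordPress itself reads from each plugin's main file and from wp-includes/version.php, compare it with the newest version the plugin directory offers, and flag plugins the directory no longer lists. The plugin file contents and the "latest version" map are constructed sample data; in a real audit the map comes from `wp plugin list --update=available` or the WordPress.org plugins API, and a missing entry is how a closed plugin shows up.

```python
import re

# WordPress reads a plugin's metadata from the comment header at the top of its
# main PHP file, looking only at the first 8 KiB. These patterns follow that
# header format: field name at the start of a comment line, value to end of line.
HEADER_FIELDS = {
    "name": re.compile(r"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M),
    "version": re.compile(r"^[ \t/*#@]*Version:(.*)$", re.I | re.M),
}

# Constructed sample data: contents of each plugin's main file on disk.
PLUGIN_FILES = {
    "example-gallery/example-gallery.php": "<?php\n/**\n * Plugin Name: Example Gallery\n * Version: 1.4.0\n */\n",
    "example-forms/example-forms.php": "<?php\n/*\nPlugin Name: Example Forms\nVersion: 3.0.1\n*/\n",
    "old-widget/old-widget.php": "<?php\n/**\n * Plugin Name: Old Widget\n * Version: 0.9\n */\n",
}

# Constructed stand-in for what the WordPress.org directory currently offers
# (in practice: `wp plugin list --update=available` or the plugins API).
# A slug missing from this map means the directory no longer lists the plugin.
DIRECTORY_LATEST = {"example-gallery": "1.5.2", "example-forms": "3.0.1"}

# Constructed copy of wp-includes/version.php, where core stores its version.
CORE_VERSION_PHP = "<?php\n$wp_version = '6.2.0';\n"


def _clean(value: str) -> str:
    """Drop a trailing comment closer (*/) or PHP close tag, as WordPress does."""
    return re.sub(r"\s*(?:\*/|\?>).*", "", value).strip()


def parse_plugin_header(source: str) -> dict:
    """Extract Plugin Name and Version from the first 8 KiB of a plugin file."""
    head = source[:8192]
    result = {}
    for field, pattern in HEADER_FIELDS.items():
        match = pattern.search(head)
        result[field] = _clean(match.group(1)) if match else ""
    return result


def parse_core_version(source: str) -> str:
    """Read $wp_version from the text of wp-includes/version.php."""
    match = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", source)
    return match.group(1) if match else ""


def version_tuple(version: str) -> tuple:
    """Turn '1.4.0' into (1, 4, 0). Non-numeric parts such as 'beta' count as 0,
    which is enough to answer "is something newer available" (an assumption of
    this example; it does not order pre-releases precisely)."""
    parts = re.split(r"[.\-_+]", version.strip())
    return tuple(int(p) if p.isdigit() else 0 for p in parts)


def is_older(installed: str, latest: str) -> bool:
    """True when installed < latest, treating '2.0' and '2.0.0' as equal."""
    a, b = version_tuple(installed), version_tuple(latest)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def audit_plugins(plugin_files: dict, directory_latest: dict) -> dict:
    """Return {slug: status} for every plugin found on disk."""
    report = {}
    for path, source in plugin_files.items():
        slug = path.split("/", 1)[0]          # wp-content/plugins/<slug>/...
        header = parse_plugin_header(source)
        latest = directory_latest.get(slug)
        if latest is None:
            report[slug] = "closed or unknown: deactivate and delete"
        elif not header["version"]:
            report[slug] = "no Version header: inspect manually"
        elif is_older(header["version"], latest):
            report[slug] = f"outdated: {header['version']} -> {latest}"
        else:
            report[slug] = "up to date"
    return report


def core_status(core_source: str, latest: str) -> str:
    installed = parse_core_version(core_source)
    return f"outdated: {installed} -> {latest}" if is_older(installed, latest) else "up to date"


if __name__ == "__main__":
    print("core:", core_status(CORE_VERSION_PHP, "6.4.3"))   # 6.4.3 is a constructed value
    for slug, status in audit_plugins(PLUGIN_FILES, DIRECTORY_LATEST).items():
        print(f"{slug}: {status}")
```

The "closed or unknown" outcome is the one that matters for step 2: a plugin the directory no longer lists will never receive a fix, so the only remediation is to deactivate it and delete its files.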

2 Use complex login passwords

Since about 20% of WordPress compromises are due to weak login passwords, the passwords of accounts with Administrator or Editor privileges should be meaningless strings of at least 12 single-byte characters that mix letters, digits and symbols.

Check the strength of your passwords.
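As an added example (not part of the original article), the policy above written as code: a checker that rejects passwords that are too short, multi-byte, missing a character class, or built around a common word, plus a generator that produces passwords satisfying it from the operating system's CSPRNG. The symbol set and the short common-word list are this example's own choices; a real deployment would check against a breached-password list instead of a handful of words.

```python
import math
import secrets
import string

# Policy from the text: at least 12 single-byte (ASCII) characters, mixing
# letters, digits and symbols, and nothing that reads as a word.
MIN_LENGTH = 12
# Symbols chosen for this example; quotes and backslash are left out so the
# password pastes cleanly into config files and shells.
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed stand-in for a breached-password list.
COMMON_WORDS = ("password", "admin", "wordpress", "qwerty", "welcome", "letmein")


def check_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if not pw.isascii():
        problems.append("contains multi-byte characters")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.ascii_letters for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbols")
    lowered = pw.lower()
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word {word!r}")
    return problems


def entropy_bits(pw: str) -> float:
    """Upper bound on entropy, assuming each character was drawn uniformly from
    the classes present. A password made of dictionary words scores high here
    while being weak, which is why check_password also rejects common words."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in SYMBOLS for c in pw):
        pool += len(SYMBOLS)
    return len(pw) * math.log2(pool) if pool else 0.0


def generate_password(length: int = 16) -> str:
    """Draw characters with the secrets module (CSPRNG, never random.choice)
    until the result passes the policy; a 16-character draw almost always does."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("password123", "Tr0ub4dor&3xQ9pL!"):
        print(candidate, "->", check_password(candidate) or "OK", f"{entropy_bits(candidate):.1f} bits")
    fresh = generate_password(16)
    print("generated:", fresh, f"{entropy_bits(fresh):.1f} bits")
```

The same policy should be applied to every account that can log in to wp-admin, not only the one you use yourself; a forgotten Editor account with a weak password is the account an attacker will find.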

3 Remove unused themes and plugins

If there are unused themes or plugins on your WordPress site, we recommend not just deactivating them but deleting them from the server.
A deactivated plugin's files are still on disk, and attackers can exploit a vulnerability in them by requesting the vulnerable file directly, without the plugin ever being active.
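An added example (this page's own illustration, not WordPress Doctor's tooling) of how to find what is installed but not in use: WordPress stores the active plugin list as a PHP-serialized array in the `active_plugins` row of wp_options, and the active theme as the `template` (parent) and `stylesheet` (child) options. The code below unserializes that value with a minimal parser and diffs it against the directory listings of wp-content/plugins and wp-content/themes. The serialized string, option values and directory listings are constructed sample data; on a real site the serialized value comes from `SELECT option_value FROM wp_options WHERE option_name = 'active_plugins'` (adjust the table prefix if it is not `wp_`).

```python
def php_unserialize(data: bytes):
    """Minimal PHP unserialize() covering the types WordPress uses in wp_options:
    arrays, ints, strings, bools, null. Not a general implementation (objects
    and references are not handled)."""
    def parse(pos):
        kind = chr(data[pos])
        if kind == "N":                              # N;
            return None, pos + 2
        if kind in "ib":                             # i:123;  b:1;
            end = data.index(b";", pos)
            value = int(data[pos + 2:end])
            return (bool(value) if kind == "b" else value), end + 1
        if kind == "s":                              # s:LEN:"bytes";  LEN is in bytes
            colon = data.index(b":", pos + 2)
            length = int(data[pos + 2:colon])
            start = colon + 2                        # skip :"
            value = data[start:start + length].decode()
            return value, start + length + 2         # skip ";
        if kind == "a":                              # a:COUNT:{key;value;...}
            colon = data.index(b":", pos + 2)
            count = int(data[pos + 2:colon])
            pos = colon + 2                          # skip :{
            items = {}
            for _ in range(count):
                key, pos = parse(pos)
                value, pos = parse(pos)
                items[key] = value
            return items, pos + 1                    # skip }
        raise ValueError(f"unsupported type {kind!r} at offset {pos}")
    value, _ = parse(0)
    return value


# Constructed sample data standing in for the database rows and directory listings.
ACTIVE_PLUGINS = b'a:2:{i:0;s:35:"example-gallery/example-gallery.php";i:1;s:9:"hello.php";}'
TEMPLATE = "example-theme"            # parent theme
STYLESHEET = "example-theme-child"    # child theme (equals TEMPLATE when no child is used)
PLUGIN_DIRS = ["example-gallery", "hello.php", "old-widget", "example-forms"]
THEME_DIRS = ["twentytwentyfour", "example-theme", "example-theme-child"]


def find_unused(active_plugins_serialized: bytes, template: str, stylesheet: str,
                plugin_dirs: list, theme_dirs: list) -> tuple:
    """Return (unused_plugins, unused_themes): entries present on disk that
    WordPress is not using and that can be deleted."""
    active_entries = php_unserialize(active_plugins_serialized).values()
    # Entries look like 'slug/main.php'; single-file plugins are just 'file.php'.
    active_plugins = {entry.split("/", 1)[0] for entry in active_entries}
    active_themes = {template, stylesheet}
    unused_plugins = sorted(set(plugin_dirs) - active_plugins)
    unused_themes = sorted(set(theme_dirs) - active_themes)
    return unused_plugins, unused_themes


if __name__ == "__main__":
    plugins, themes = find_unused(ACTIVE_PLUGINS, TEMPLATE, STYLESHEET, PLUGIN_DIRS, THEME_DIRS)
    print("delete plugins:", plugins)
    print("delete themes:", themes)
```

Two caveats when acting on the output: on a multisite install, network-activated plugins live in the `active_sitewide_plugins` option of the site meta table, not in `active_plugins`, so check that too; and keep one current default theme (e.g. twentytwentyfour) installed as a fallback, since WordPress switches to it if the active theme's files go missing.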

4 SSL-enable your site

Internet traffic passes through many networks and is relayed by many servers on its way between the browser and the site.
Because of this, WordPress login credentials sent over plain HTTP can be intercepted in transit.

Encrypting the traffic between the browser and the server with SSL (HTTPS with a server certificate), so that login credentials cannot be read in transit, is therefore an important security measure for a WordPress site.

Learn more
What is SSL? An easy-to-understand explanation of what it means and how it works!

5 Apply the above to every site on the server

Measures 1 to 4 must be applied to every site hosted under the same hosting account. Much of today's malware spreads beyond the folder of the domain it first infected into the other domains on the same server.

As a result, a site that has no vulnerability of its own can still be infected or tampered with through a vulnerable neighbor under the same account.

Reference
Why does WordPress malware (tampering) spread to all sites in the server?


WordPress Doctor maintains a database of over one million malware sample files, malware detection patterns and vulnerabilities, which we use to improve the security of your WordPress site.