We will explain whether or not hacking (tampering and malware infection) can be prevented if you convert your WordPress site to SSL (HTTPS).

In conclusion, just because a site has been converted to SSL, it does not prevent hacking and tampering at all!

SSL (HTTPS) encrypts the communication between the server where the website data resides and the browser.

This means that data is retrieved along the way by Wifi relay devices or data transmission between servers, and only the person connecting to the server will know what data the user sent (request) and what results the server returned.

However, this does not prevent hackers from attacking. The reason is that SSL does not prevent brute force attacks and vulnerability attacks, which are the most common methods of WordPress tampering.

(The most common way to gain administrative privileges is through a brute force attack.

SSL can prevent WordPress login information from being obtained in the process and the password for administrator privileges from being compromised.

However, the WordPress administrator privilege is taken by a brute force attack, in which a hacker uses a tool to repeatedly perform tens of thousands of login operations using commonly used passwords until he or she hits the target.

Vulnerability attacks cannot be prevented by SSL

SSL is only an encryption of data transmission, so even if a hacker checks your site for vulnerabilities, uses the vulnerabilities to send unauthorized data to tamper with your site, or writes a backdoor into your server, it will still go through.

Preventing vulnerability attacks requires either plugging the vulnerability or running a security system that detects and intercepts vulnerability attacks.

What does it mean to use SSL?

So what are the security implications of going SSL?
SSL is not meaningless, as it increases the confidentiality of data transmitted by you and your users by encrypting the transmission.

Specifically, SSL is the most effective way to prevent the following types of information from being exchanged and leaked on the site
Transmission of login IDs and passwords
Transmission of personal information such as address
Transmission of credit card information, etc.

SSL is also said to give users of a site a sense of security and preferential treatment by search engines.
It is recommended that both site SSL and security measures be taken.

Reference
Five free WordPress security measures
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Related Posts:

  1. When WordPress is hacked, do you know the cause, date and time of the hack?
    One of the rare questions we receive when WordPress Doctor recovers from malware or tampering on behalf of our clients is that they want to know the cause and date of the problem. Here is an explanation of how we can find out....
  2. What to do for your site users when WordPress is hacked, tampered with, or hijacked.
    This page explains how to respond to users (those who use the site) when there is a possibility of damage to users who visit the site, such as being redirected to another site, being sent to a sweepstakes site, or downloading malicious files due to WordPress tampering. This page explains how to respond to users (those who use the site)...
  3. What is the most common vulnerability cross-site scripting in WordPress?
    The most common vulnerability in WordPress is called Cross Site Scripting (XSS). We would like to explain about this vulnerability....
  4. 5 characteristics of sites that are subject to WordPress hacking, hijacking, or defacement.
    At WordPress Doctor, we perform malware removal and security measures on behalf of more than several hundred sites per year. Based on this experience, we would like to share with you the characteristics of sites that have been hacked, hijacked, or defaced....
  5. What is a WordPress injection attack?
    There are various methods by which WordPress can be hacked, the most common of which is called an injection attack. This section describes these injection attacks....
  6. Motives of Hackers to Tamper with WordPress, Effects of Hacking
    Why do hackers (crackers) hack and tamper with WordPress? We will explain the motives of hackers who tamper with WordPress and the consequences of being hacked....