The dominance WordPress has on the web comes at a price. Being the most popular CMS also makes it the most lucrative and profitable target for hackers. In 2019, 94% of hacked websites cleaned by Sucuri ran on WordPress. Other CMS platforms didn’t even make it into the double digits. This high number does not mean that WordPress is vulnerable. In fact, the WordPress security team does a great job patching vulnerabilities. But the thousands of plugins and themes that can be installed to customize WP open new routes for potential hacks. That’s not even considering legacy sites that aren’t […]
How to Keep Your Site Secure Using a Web Application Firewall (WAF)
If there’s one phrase more prevalent than ‘website security’ in the conversations about running a WordPress site, we’re yet to find it. You may already know the ins and outs of protecting your site using security plugins. However, that’s not the only step you can take, especially if you want to leave no stone unturned when it comes to locking down your site. For instance, a Web Application Firewall (WAF) is a vital tool for ensuring that your site can stand up to malicious users and bots. However, on many sites, it’s either not implemented in the most optimal way […]
Sucuri Report: Outdated Plugins Leading Cause Of WordPress Site Hacks
Three plugins were responsible for 25 percent of all WordPress hacks discovered in the first quarter, Sucuri said in its recently released report on post-hack actions by attackers. According to the report, outdated versions of RevSlider, GravityForms plugins, and TimThumb Script were the leading cause of WordPress site hacks and exploits. RevSlider accounted for the majority of vulnerabilities caused by the top three outdated plugins, which could in part be because it’s bundled within themes and other frameworks. “The biggest challenge with RevSlider however, is that it’s embedded within Themes and Frameworks and some website owners are unaware they have it installed until it has […]
Security Experts Weigh in: The Future of WordPress Security
When your career is entirely online, assessing security threats is an ongoing part of life. For WordPress users, there are ways to significantly mitigate security risks; however, the reality is that users still must understand the threat space and stay vigilant to keep their sites secure. As the digital landscape continues to evolve, WordPress security must evolve as well. We talked to three security experts about the state of WordPress security, and where things are going. How are Attacks Reaching WordPress? WordPress has become so much more than blogging software. It’s grown into a full-featured platform used to power incredible digital experiences. With each new feature, […]
Doc Pop’s News Drop: How Hackers Can Find New Sites Within 30 Minutes
Doc’s WordPress News Drop is a weekly report on the most pressing WordPress news. When the news drops, I will pick it up and deliver it right to you. At this year’s DefCon, Hanno Böck described how hackers can find a fresh new WordPress install within 30-60 minutes of going live. Don’t be nervous though; in this week’s video we talk about how you can protect a fresh WordPress install. Wordfence shared an excellent write-up of Hanno’s presentation, which you can read here, as well as another article on how hackers can take advantage of WordPress sites that have […]