Why do you need WordPress Security? Because at time of writing there are 74,652,825 WordPress sites and millions of people using WordPress for their website or blog as a preferred platform. Unfortunately, the more it comes into the spotlight, the more it comes under attack.
A bit like how Windows gets more targeted viruses than Mac; more Windows installations thus more opportunities for a WordPress hackers and scammers. Please don’t be too alarmed by this post, however it is important to know how you can address your WordPress Security and have some peace of mind.
Developers are made aware of WordPress Security threats, and quickly address any bugs to improve the code. So vulnerabilities are repaired and delivered via updates in your dashboard. For this reason, it is very important to keep your WordPress installation updated. You will also have Themes and Plugins. These are hopefully, from a reputable source and need to be kept up to date also. Keeping your system up-to-date will help however, it will not eliminate the risks.
Risks with WordPress Security
If your WordPress installation is hacked, risks may include:
- Your site gets deleted.
- Replaced with adult content.
- Redirected to a phishing site.
- Used for a spam server.
Once your site is hacked, there’s not telling what can be done with it. Perhaps the biggest risk is to your Reputation; what impression your customers have if your site is a threat to them when they visit? What trust can be lost, and perhaps never recovered?
This may all sound very serious and alarmist, but try to tell that to the many who have already had their WordPress Security compromised by hackers. Trust is a huge issue in the Web.
Trust conveyed on the Web
Trust on the Web has long been an issue. It is in the best interest for Web browsers such as Chrome, Firefox, Internet Explorer, Safari, and Opera to name a few, to maintain trust for their users. For example, Firefox will block a site found to contain malicious content, as shown in the image.
Your site will also suffer in the search engines such as Google, resulting in malicious content warnings. You may even end up blacklisted. Being blacklisted by Google really is a place you don’t want to wind up. Think about it “My site Blacklisted” because it was a hacker target?
Why WordPress becomes a hacker target
If you have suffered from a WordPress Security breach then, you may feel somewhat violated, abused, and angry. A bit like your house being burgled or your property being vandalized. Please remember, most hack attacks are not personal in any way. They are simply an opportunistic exercise; a hacker identified your WordPress Installation as an easy target.
Target items for hackers:
Storage space – A hacker can use you blog as a file store. They can do their work without having to pay for any hosting. This gives less risk of being traced by a hosting company too.
Site control – Your site can be controlled, and used to the hackers’ advantage. Once they have control they can install any malware they please. They can also make alterations to important system files like .htaccess and robots.txt. These files control how you site is accessed on the Web.
Stealing earnings – A hacker may change your AdSense id, or replace your affiliate banners. They can steal earnings from your site and make money for themselves.
Site hijack – your DNS records may be changed to point your site at a copy intended to fool your visitors. From here hackers can collect usernames and passwords from people trying to login, even trick users into giving bank details.
Spam server – There are many ways your site could be utilized for spamming. Hackers can setup an automatic comment spam system, which includes links to their own phishing site. Or worse, they could install a spam server script and use your site to send hundreds of thousands spam emails each day. This kind of thing could get you Blacklisted on many spam servers around the world, and possibly Google too.
Do something right now
You need to act right now, as your site may already be compromised. Sound alarmist, I don’t believe so. I have seen many sites that have been attacked and gone unnoticed for many weeks or months. Here’s two immediate options for you below.
WordPress Security with Wordfence Do It Yourself.
Some features of Wordfence include: Scanning for viruses, malware, trojans, malicious links. Protection against scrapers, aggressive robots, fake Googlebots, brute force attacks and more.
If you are a do it your self kinda person, download Wordfence here http://www.wordfence.com/, here is a little install video to help you get started.
Hire a WordPress Security professional.
A good professional who knows and understands WordPress Security will be able to secure your website for you. If you already know like and trust a WordPress Consultant, and you’re happy to employ them again, do it straight away, don’t delay.
I encourage you to do your research when hiring a professional, consider only quality developers. If you are wondering where all these developers are you could start by looking at wpaustralia.org You will find me on there too http://www.wpaustralia.org/members/petermeadit/ Please also feel free to check out my WordPress Consulting Services.