About one third of all websites across the entire internet are driven by WordPress. That’s an astonishing number when you stop to think about it. This percentage is continuing to grow today due in part to the intuitive nature of WordPress sites to interact with as a developer, administrator, and end user. The trend for digital tech as it grows in popularity seems to be that the larger the platform usage numbers are, the more hackers want to corrupt the platform for profit and chaos.
With just a little bit of keyword searching on Google, it’s easy to find lists outlining website security issues, but this article from ithemes.com sums up the top five common WordPress security issues the best in our opinion. At Stellar Blue Technologies we are well in tune to the forces at play that are threatening website security, and so we thought we’d take a moment to write this short listicle about common WordPress security problems, and how we address them.
Brute Force Attacks
WordPress brute force attacks refer to the trial and error method of entering multiple username and password combinations over and over until a successful combination is discovered.
SBT: We utilize a plugin on all of our sites that provides multiple security benefits. This plugin stops attacks by blocking the username or IP address after so many invalid attempts in a row.
File Inclusion Exploits
File inclusion exploits occur when vulnerable code is used to load remote files that allow attackers to gain access to your website.
SBT: We have server firewalls in place that help prevent scripts from loading remote files, and additional code to execute on our server that isolates each website to load in its own “cage”.
With an SQL injection, an attacker may be able to create a new admin-level user account which can then be used to login and get full access to your WordPress website.
SBT: We keep WordPress Core up to date as it includes the latest security patches to prevent the newest SQL injections. We also have ModSecurity installed on our servers that detects signature SQL Injections, and prevents them from executing on our server.
SBT: We have several layers of protection in place to help prevent loading scripts from different/cross sites that would be loaded to the user. One of those layers of protection is a “Web Application Firewall (WAF)” that comes into play even before traffic reaches the server. It contains rules to thwart cross site scripting attacks.
This is malicious software code that is used to gain unauthorized access to a website to gather sensitive data.
SBT: While we include daily malware scans for every site on our servers, we also offer additional security plans that help prevent malicious access of malware. In addition to this, we provide external malware scans that include blacklist monitoring to identify if any of the major security firms have your specific site listed as an infected site.
We at Stellar Blue are confident in the abilities of WordPress to deliver the most secure and refined product for your company. We’ve been using this platform for high-level government clients, banks, municipalities, and much more for over a decade with stellar results. If you’d like to learn more about WordPress in general or website security, consider attending one of our workshops or contacting us directly. And remember, we take pride in the quality of our work so that you can put all of your efforts in to your work without having to worry about what’s happening behind the scenes on your website.