WordPress hacks happen all the time. Keeping your WordPress site safe from cybercriminals requires that you avoid plummeting into the froth of WordPress worst security practices. When a WordPress site broadcasts worst security practices, you can rest assured — the bad guys will always line up to listen.
Automated Tools
Many small businesses have limited budgets alongside insufficient security knowledge. With this combination, website security is often overlooked as an essential priority. Perhaps your small business or startup uses WordPress. You may not even know what platform your website runs on. If you haven’t a clue as to what powers your company website, you can ask your web designer, query BuiltWith, or use a browser extension like Whatruns.
The relative ease of attacking a smaller business has become such that it’s now perceived as being worth a hacker’s time and effort in more cases – particularly when smaller businesses don’t patch out known vulnerabilities that hackers can use automated tools to quickly scan for and exploit.
–New Data Breach Trends: Small Business Identity Records Now Target #1 for Hackers, Scott Ikeda, CPO Magazine
With the ease and use of automated vulnerability tools, it’s easy for businesses (of any size) to be targeted by hackers. Remember this: for cybercriminals, WordPress hacks are an easy slam-dunk when worst security practices enter the arena.
13 WordPress Worst Security Practices
WordPress worst security practices include:
- Minimal or no WordPress maintenance (not updating core, plugins, and themes).
- Not backing up the database and files.
- Lack of malware checks, security scans, security plugins (or services), and security monitoring.
- Failure to limit login attempts.
- Failure to use sitewide SSL.
- The use of weak passwords.
- Using the default “admin” user account instead of a custom name.
- Adding too many admins (use caution when giving user privileges).
- Not using two-factor authentication (2FA).
- Using plugins and themes from untrustworthy sources.
- Failure to use the latest PHP version.
- Failure to use a firewall.
- Using “cheap” low-quality or shared hosting.
Though the above list is not comprehensive, it provides a baseline to build upon. Moving away from WordPress worst security practices can improve your security posture. Furthermore, shifting to security best practices tends to dumb down the listening prowess of the bad guys.
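Several items on the list above (pending updates, no sitewide SSL, the default admin login, too many admins, an old PHP version) can be checked mechanically. The following is an added example, not code from the original article: a Python audit over a constructed site inventory whose shape is assumed to mirror WP-CLI's JSON output, with `min_php` and `max_admins` as assumed policy values.

```python
import json
import re

# Constructed sample inventory (not from a real site). The shapes are assumed
# to mirror `wp plugin list --format=json`, `wp user list --format=json`,
# `wp option get siteurl` and the PHP version string.
SAMPLE = {
    "siteurl": "http://shop.example.test",
    "php_version": "7.4.33",
    "core_update_available": True,
    "plugins": json.loads('[{"name":"contact-form","update":"available"},'
                          '{"name":"seo-tool","update":"none"}]'),
    "users": json.loads('[{"user_login":"admin","roles":"administrator"},'
                        '{"user_login":"jo","roles":"administrator"},'
                        '{"user_login":"sam","roles":"editor"}]'),
}

def audit(inv, min_php=(8, 2), max_admins=3):
    """Return (check, detail) findings for an inventory dict.
    min_php and max_admins are assumed policy values for this example,
    not figures taken from the article."""
    findings = []
    if inv["core_update_available"]:
        findings.append(("maintenance", "WordPress core update pending"))
    stale = [p["name"] for p in inv["plugins"] if p["update"] == "available"]
    if stale:
        findings.append(("maintenance", "plugins with pending updates: " + ", ".join(stale)))
    if not inv["siteurl"].lower().startswith("https://"):
        findings.append(("ssl", "site URL is not HTTPS: " + inv["siteurl"]))
    # WP-CLI reports multiple roles as a comma-separated string (assumed shape).
    admins = [u["user_login"] for u in inv["users"]
              if "administrator" in u["roles"].split(",")]
    if any(a.lower() == "admin" for a in admins):
        findings.append(("default-admin", "an administrator uses the login name 'admin'"))
    if len(admins) > max_admins:
        findings.append(("too-many-admins", f"{len(admins)} administrators (limit {max_admins})"))
    # Compare only major.minor; tolerate suffixes such as "8.2.10-ubuntu".
    m = re.match(r"(\d+)\.(\d+)", inv["php_version"])
    if m is None or (int(m.group(1)), int(m.group(2))) < min_php:
        findings.append(("php", f"PHP {inv['php_version']} is older than {min_php[0]}.{min_php[1]}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"[{check}] {detail}")
```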