TekSec

My Scribbles on security and whatever strikes my fancy . . .

13 Reasons why WordPress hacks are successful

July 22, 2019 By teksquisite

WordPress hacks happen all the time. Keeping your WordPress site safe from cybercriminals requires that you avoid plummeting into the froth of WordPress worst security practices. When a WordPress site broadcasts worst security practices, you can rest assured — the bad guys will always line up to listen.

Automated Tools

Many small businesses have limited budgets alongside insufficient security knowledge. This combination often means that website security is overlooked as an essential priority. Perhaps your small business or startup uses WordPress. You may not even know what platform your website runs on. If you haven’t a clue as to what powers your company website, you can ask your web designer, query BuiltWith, or use a browser extension like Whatruns.

The relative ease of attacking a smaller business has become such that it’s now perceived as being worth a hacker’s time and effort in more cases – particularly when smaller businesses don’t patch out known vulnerabilities that hackers can use automated tools to quickly scan for and exploit.

–New Data Breach Trends: Small Business Identity Records Now Target #1 for Hackers, Scott Ikeda, CPO Magazine

With the ease and use of automated vulnerability tools, it’s easy for businesses (of any size) to be targeted by hackers. Remember this: for cybercriminals, WordPress hacks are an easy slam-dunk when worst security practices enter the arena.

13 WordPress Worst Security Practices

WordPress worst security practices include:

  1. Minimal or no WordPress maintenance (not updating core, plugins, and themes).
  2. Not backing up the database and files.
  3. Lack of malware checks, security scans, security plugins (or services), and security monitoring.
  4. Failure to limit login attempts.
  5. Failure to use sitewide SSL.
  6. The use of weak passwords.
  7. Using the default user admin account, instead of using a custom name.
  8. Adding too many admins (use caution when giving user privileges).
  9. Not using two-factor authentication (2FA).
  10. Using plugins and themes from untrustworthy sources.
  11. Failure to use the latest PHP version.
  12. Failure to use a firewall.
  13. Using “cheap,” low-quality, or shared hosting.

Though the above list is not comprehensive, it provides a baseline to build upon. Moving away from WordPress worst security practices can improve your security posture. Furthermore, shifting to security best practices tends to dumb down the listening prowess of the bad guys.
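Several items on the list (1, 5, 7 and 8) can be checked mechanically from a site inventory. The following is an added example, not code from the original post: it audits plugin and user data in the JSON shape that `wp plugin list --format=json` and `wp user list --format=json` produce. The sample data, the `audit` function name, and the admin-count threshold are assumptions made for illustration.

```python
import json

# Constructed sample inventory (not real site data), in the JSON shape emitted by
# `wp plugin list --format=json` and `wp user list --format=json`.
PLUGINS_JSON = """[
  {"name": "akismet", "status": "active", "update": "none", "version": "4.1.2"},
  {"name": "contact-form", "status": "active", "update": "available", "version": "1.0.3"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "2.2"}
]"""
USERS_JSON = """[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "jane", "roles": "administrator"},
  {"ID": 3, "user_login": "temp-dev", "roles": "administrator,editor"},
  {"ID": 4, "user_login": "writer", "roles": "author"}
]"""
MAX_ADMINS = 2  # assumed policy threshold, not a value from the article


def audit(plugins_json, users_json, site_url, max_admins=MAX_ADMINS):
    """Return sorted (list_item_number, finding) tuples keyed to the list above."""
    findings = []
    # Item 1: pending updates, flagged whether or not the plugin is active.
    for plugin in json.loads(plugins_json):
        if plugin.get("update") == "available":
            findings.append((1, f"plugin '{plugin['name']}' {plugin['version']} has a pending update"))
    # Item 5: the configured site URL should use HTTPS.
    if not site_url.lower().startswith("https://"):
        findings.append((5, f"site URL '{site_url}' is not HTTPS"))
    # Roles arrive as a comma-separated string; collect administrator logins.
    admins = [
        user["user_login"]
        for user in json.loads(users_json)
        if "administrator" in [r.strip() for r in str(user.get("roles", "")).split(",")]
    ]
    # Item 7: the default 'admin' login name is still in use.
    if any(name.lower() == "admin" for name in admins):
        findings.append((7, "default 'admin' login holds the administrator role"))
    # Item 8: more administrators than the policy allows.
    if len(admins) > max_admins:
        findings.append((8, f"{len(admins)} administrators (limit {max_admins}): {', '.join(admins)}"))
    return sorted(findings)


if __name__ == "__main__":
    for item, text in audit(PLUGINS_JSON, USERS_JSON, "http://example.com"):
        print(f"[item {item}] {text}")
```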

Read more at: Tripwire


Filed Under: Updates Tagged With: WordPress hacks
