WordPress powers 26.3% of all websites on the Internet. Being so popular, it attracts a lot of attention. Unfortunately, not all of that attention is good. The negative attention that WordPress gets often comes from hackers who want to exploit various WordPress security vulnerabilities. Unfortunately there is no shortage of vulnerabilities. According to WPScan (a WordPress vulnerability database) there are 4,284 known WordPress vulnerabilities. WordPress plugins are the biggest source of vulnerabilities. 50% of exposures come from WordPress plugins. 10% are from WordPress themes and the remaining 40% are WordPress core vulnerabilities. This is confirmed by findings from Wordfence, they go on and say if you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the problem. Plugin vulnerabilities and brute force attacks are the two most common ways to hack a WordPress site (from: wordfence.com). When it comes to WordPress security, most people make the same common mistakes: they still use “admin” as their username, most of them use an easy to guess password or worse use the same password for every other site. And finally, a good
Share This