According to recent statistics, security researchers consider WordPress one of the most attacked CMSs around. The numbers speak for themselves: with almost 25% of websites running on WordPress, it is no surprise that the Internet is full of incidents involving WordPress sites, such as SQL injection attacks or cross-site scripting.
The problem, however, doesn't lie in WordPress itself, but in the way certain end-users run it and, more disturbingly, in the way some 'developers' use WordPress to quickly throw together a new website or application for their clients.
Any good programmer will tell you that WordPress is a very powerful CMS, but like every CMS it has rules you have to abide by:
1) Don't install more plugins than you need, and never one you haven't reviewed or at least tested. Plugins in the official directory are reviewed before they are first listed, but that review does not catch every bug or back door, and each extra plugin widens the attack surface, so remove the ones you no longer use.
2) As a user or admin, understand the importance of a strong password: use a long, unique one for every account and change it immediately if you suspect it has been exposed. Many attacks are brute-force attempts, which means trying thousands of weak or common passwords against the login form until one works, so also limit the number of failed login attempts an IP address may make.
3) Keep your WordPress core, themes and plugins up to date. Many developers will tell you that updating WordPress can break functionality. Minor and security releases very rarely do, and every new version brings security fixes along with speed optimizations, so it is much better to update; if a major release worries you, test it on a staging copy first rather than postponing it.
4) Always run your WordPress application on a server properly equipped with a firewall, a back-up system and intrusion detection tools. Don't skimp on protection: it is usually cheap, while the trouble of not having it can be very expensive.
Ionut Popescu is Business Development Manager at MBM Software