5 Mistakes WordPress Users Make That Permit Cyber Attacks

During one of the biggest WordPress attacks, 1.5 million web pages were hacked. This happened in 2017 when a content-injection vulnerability was discovered and exploited by malicious cyber attackers. Although the vulnerability was patched as soon as Sucuri, a US-based security firm, warned WordPress, according to midgard.co.uk, 40,000 unique websites were attacked successfully, which allowed criminals to modify the content on those 1.5 million pages. The responsibility of this incident, of course, fell onto the shoulders of WordPress, who failed to uncover the vulnerability themselves, as well as to warn WP website developers and administrators in time. Unfortunately, there are some mistakes that these developers and administrators do themselves that permit successful cyber attacks. In some cases, that happens due to outdated software, and in others – due to weak WordPress passwords. Whatever the case might be, there's always something that can be done to strengthen protection.

1. What’s the deal with your hosting environment?

WordPress websites can be hacked if they are hosted on servers that are not protected reliably. The problem here is that you cannot really control the security of the server. This is why the most important thing you can do is choose a reliable hosting service before you set up a new WordPress site. The services vary in cost and level of support and security, and so if you are looking to create a business or support a business using your WordPress website, you should consider investing in services you can trust. If you choose to save your dollar now, you are likely to be spending money on security and damage control in the future after you experience a cyber attack. If you think you are ready to handle this on your own, you might be favoring self-hosting, but if the thought of dealing with malware and fixing corrupted content gives you a headache, you will want to choose the right hosting service. Some of the web hosts recommended by WordPress include Bluehost, DreamHost, and SiteGround.

2. When was the last time you installed updates?

Yes, yes. We all hate updates because they always seem to come in at the worst possible time. But if you think about it, spending several moments out of your day to update WordPress really is not that big of a deal. On the other hand, if you do not install updates and existing vulnerabilities are exploited by cyber attackers, the security issues you might face could amount to a HUGE deal. If your website's management system is outdated, security backdoors might exist, and so we suggest that you install the latest version immediately. Have you made your website mobile-friendly? If you have, you must not forget about mobile updates as well. The same goes for all installed plugins and themes. If you are not installing appropriate updates, vulnerabilities and security loopholes could be exploited as well.

3. You don’t research your plugins? Well, you should

There's only so far you can go without plugins when it comes to WordPress. They add functions to your website and can help go to the next level, so to speak. If you are looking to create a professional-looking site, you will not be able to evade plugins. Unfortunately, malicious plugins do exist. For example, a plugin called Display Widgets caused serious problems in 2017 when it silently installed backdoors on 200,000 websites. Using the backdoor, the attacker behind it could publish anything on the affected website. An interesting detail about this plugin is that it was harmless until it was sold. That means that you need to be cautious not only about new plugins you install but also the old ones you have trusted in the past. Then there are plugins that are created with good intentions but are simply too weak against malware attacks. Of course, you don't need to be afraid of all plugins. You certainly should make use of reliable security plugins that can scan for malware and add firewall to your WordPress website.

4. If your WordPress password is weak, you are asking for trouble

Do you know what a brute force attack is? It is a cyber attack during which cyber attackers gain access to an account using illegal practices. The job is much easier if your WordPress password is weak and easy to crack. We should not be telling you how to choose a strong WordPress password, but if you need a refresher, it MUST be long and it must be complex. The consensus is that the WordPress password should be at least 14 characters long, should contain symbols, numbers, lower and upper-case letters, and should not include whole words. Luckily, WordPress does not allow adding "password" as your… well, password, but that is not the only passcode that can be guessed. But how are you supposed to remember a complicated WordPress password? That is not a problem if you use a password manager. You can even use it to help you generate a strong passcode that goes beyond 6 characters that are required by WordPress. When it comes to usernames, for the love of everything that you cherish – do NOT use admin, administrator, or the name of your website.

5. Is it time to backup your WordPress website?

What if a cyber attack cannot be prevented? As we know from experience, even if all security measures are taken to protect the website, bad things happen, and even WordPress messes up from time to time. This is why you want to have a backup to your website. That way, you can easily restore the site and get it up and running in no time. Note that if you are using a reliable hosting service, backups might be created automatically, but you do not want to rely on anyone when it comes to backups, and it is strongly suggested that you find your own way to back up your website as well.

A quick reminder

  • Choose the right web host that can provide security and support in the event of a cyber attack.
  • Install ALL WordPress-related updates as soon as they come in.
  • Choose your plugins and themes wisely. Beware of malware hidden within plugins, but do not miss out on the opportunity to strengthen your security by implementing reliable security plugins.
  • Create a strong and complicated WordPress password that cannot be guessed. If you do not know how to choose strong WordPress passwords, employ a password manager with an integrated password generator.
  • Use a reliable password manager to keep your login information safe.
  • Make sure your username is not generic to prevent unauthorized access to the website.
  • Back up your website to ensure that it is up and running even if a cyber attack occurs.
By Foley
August 20, 2018
Tips
English
August 20, 2018
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Malware

2018's Most Common Cyber Attacks You Should Know About

Cyber attacks are more common that you might think. We have quite a few months to go before the year is over and we can start assessing cyber attacks of 2018; however, we know for a fact that 2017 was the worst year... Read more

August 9, 2018
Malware

The Best WordPress Security Practices to Protect Your Website from Hackers

Websites get hacked as often as users' accounts, be it a blog, an eCommerce website, or a portfolio. This is especially true for WordPress websites. The WordPress content management system (CMS) continues to be the... Read more

August 10, 2018
News

A Data Breach Affecting 21 Million Users Hits Timehop App

Timehop is an application that reminds you how embarrassing your old tweets and Facebook statuses are. It's now time for Timehop's creators to feel embarrassed because thanks to their sloppy security practices, they... Read more

July 11, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.