As a WordPress website owner, what are the main security risks to be wary of?
The main security risk of having a website is being hacked. Before talking specifically about WordPress, I’d like to point out that every online website is a target. Many believe that because their website is not popular, or because it does not hold any sensitive information it is not a target.
Hackers are after everything that your website has. They hack a website to host and transfer warez and other forms of illegal files, so they can use free bandwidth, which you pay for. They hack websites to inject links for black hat SEO or to inject malware and infect your visitors so they can use them as bots during a distributed hack or denial of service attack.
Back to WordPress, being a WordPress website owner unfortunately has even a higher security risk. WordPress is so easy to use that the number of non technical people who have their own websites and blogs has drastically increased. Malicious hackers know this and use it to their advantage.
They know that most WordPress websites owners do not go the extra mile to secure it, maybe because they simply do not see any reason to do so. They also know that typically such users install any type of WordPress plugin or WordPress theme without scrutinizing it, thus making them vulnerable and a very easy target. And so because WordPress is very easy to use it is now most probably the number one target for malicious hackers.
What would you say are the most important measures you should take to secure a WordPress website?
Web security is like a living thing, it is constantly evolving. Therefore everything you do should be done with security in mind. To start off with, there are some things that you can do just once to improve the security of your WordPress blog or website, but you still have to always follow a number of rules while using WordPress. By following such rules you will be safe from most of the automated targeted WordPress attacks which typically spread like wild fires:
1. Use strong usernames and passwords. A strong password should consist of at least 8 characters and should also include numbers and special characters such as ? and !. Avoid using dictionary words, pets’ names, partners’ names etc.
2. Before installing a WordPress theme or plugin, make a little bit of research about it. For example before installing a plugin, check how popular it is from the plugin ratings and what people say about it on the WordPress support forums. Check how frequently it is updated etc.
3. Always update your WordPress installation, plugins and themes. By using the latest version of a particular software you ensure that you are using the most secure and stable version. This does not just apply to WordPress, but to any type of software you use.
4. Trust no one. Before disclosing your WordPress password to a freelancer, make sure you verify who you are speaking to. If need be, ask for a telephone number so you can speak to the person. Before hiring a freelancer, ask your fellow bloggers to see if they can recommend someone.