Security Corner

Sep 28 2013   10:26PM GMT

Ten steps to avoid being one of the 73% of WordPress sites vulnerable to attack

Ken Harthun

According to this nakedsecurity blog post, “A recent investigation has concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack.” Vulnerability researchers EnableSecurity carried out the study, and WordPress security firm WP WhiteSecurity reported it. The investigators qualified their statistics a bit with this statement: “The tools used for this research are still being developed therefore some statistics might not be accurate.” Nevertheless, it warrants your attention if you are running WordPress.

Here are ten steps that Sophos recommends to bolster your WordPress security:

  • Always run the very latest version of WordPress
  • Always run the very latest versions of your plugins and themes
  • Be conservative in your selection of plugins and themes
  • Delete the admin user and remove unused plugins, themes and users
  • Make sure every user has their own strong password
  • Enable two factor authentication for all your users
  • Force both logins and admin access to use HTTPS
  • Generate complex secret keys for your wp-config.php file
  • Consider hosting with a dedicated WordPress hosting company
  • Put a Web Application Firewall in front of your website
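
As an added example (not from the original post or from Sophos), this Python script audits a wp-config.php body for two of the steps above: complex secret keys and forced HTTPS for admin access. The length and distinct-character thresholds and the sample file contents are assumptions constructed for illustration.

```python
import re

# The eight key/salt constants WordPress reads from wp-config.php.
SECRET_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
MIN_LEN, MIN_DISTINCT = 32, 16  # assumed thresholds for flagging a value as weak

# Matches define('NAME', 'value'); or define('NAME', true); at the start of a line,
# so lines commented out with // or # are ignored (/* */ blocks are not handled).
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)"|(\w+))\s*\)\s*;""",
    re.MULTILINE)

# Constructed sample: one placeholder, one good key, one short key, HTTPS commented out.
SAMPLE = r"""<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k3#Vq9!zLw@7Xt$2Rm^8Hp&4Ns*6Bd(0Jf)1Gy+5Ce=Ua-Ti_Oo');
define('LOGGED_IN_KEY',    'short');
// define('FORCE_SSL_ADMIN', true);
"""

def parse_defines(text):
    """Return {constant: value} for uncommented define() calls."""
    out = {}
    for m in DEFINE_RE.finditer(text):
        name, sq, dq, bare = m.groups()
        out[name] = sq if sq is not None else dq if dq is not None else bare
    return out

def audit(text):
    """Return a list of findings for a wp-config.php body."""
    defs, findings, seen = parse_defines(text), [], {}
    for name in SECRET_NAMES:
        val = defs.get(name)
        if val is None:
            findings.append(f"{name}: missing")
        elif val == PLACEHOLDER:
            findings.append(f"{name}: placeholder")
        elif len(val) < MIN_LEN or len(set(val)) < MIN_DISTINCT:
            findings.append(f"{name}: weak")
        elif val in seen:
            findings.append(f"{name}: same value as {seen[val]}")
        else:
            seen[val] = name
    if str(defs.get("FORCE_SSL_ADMIN", "")).lower() != "true":
        findings.append("FORCE_SSL_ADMIN: not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty list from `audit()` means all eight keys are present, distinct and non-default, and `FORCE_SSL_ADMIN` is set to `true`.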
