Most common Security Problems with Wordpress and how to fix them

Most common Security Problems with WordPress and how to fix them

Problem #1

People running out-of-date themes and plugins.There are literally millions of hacks waiting to happen and the bad guys can get step by step instructions on how to hack your site.

Answer: Update your site bi weekly or when an exploit that effects plugins you are using is released.

Problem #2

Sadly enough most WordPress installs have the same old “admin” user that came with it by default. Even sadder the top 5 password for 2015 were

123456
password
12345678
qwerty
12345

If this sounds familiar remember the vast majority of people also recycle the same passwords between accounts so its a big issue.

http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514

Answer : Please use a password manager that creates and autofills and change them on a semi consistent basis.

Problem #3

Improperly configured server/hosting .

Insecure permissions especially on image directories.
Improperly set index options opens up file listings and indexing of directories https://wiki.apache.org/httpd/DirectoryListings (lookup google hack)

Answer: Set your files to 664, directories to 755, htaccess to 400.

Here is an htaccess I use for my wordpress sites that might help some.

https://gist.github.com/bhowe/3a89332f596b8ddd5fe5

Problem #4

Dont have backups.

Answer: Keep backups for 60 days there are a plethora of plugins and services out there. Suggest some in the comments.

Problem #5

Dont have anyone monitoring or watch the site on a regular basis.

Answer: Install Word fence (A personal favorite) . Configure it to scan your site, and to compare your wordpress core files and plugins again the repository.

Problem #6

Insecure theme or custom coding.

Answer: Get a professional to do a audit.

Questions/Comments?