Most common Security Problems with Wordpress and how to fix them
People running out-of-date themes and plugins.There are literally millions of hacks waiting to happen and the bad guys can get step by step instructions on how to hack your site.
Answer: Update your site bi weekly or when an exploit that effects plugins you are using is released.
Sadly enough most Wordpress installs have the same old “admin” user that came with it by default. Even sadder the top 5 password for 2015 were
If this sounds familiar remember the vast majority of people also recycle the same passwords between accounts so its a big issue.
Answer : Please use a password manager that creates and autofills and change them on a semi consistent basis.
Improperly configured server/hosting .
- Insecure permissions especially on image directories.
- Improperly set index options opens up file listings and indexing of directories https://wiki.apache.org/httpd/DirectoryListings (lookup google hack)
Answer: Set your files to 664, directories to 755, htaccess to 400.
Here is an htaccess I use for my wordpress sites that might help some.
Dont have backups.
Answer: Keep backups for 60 days there are a plethora of plugins and services out there. Suggest some in the comments.
Dont have anyone monitoring or watch the site on a regular basis.
Answer: Install Word fence (A personal favorite) . Configure it to scan your site, and to compare your wordpress core files and plugins again the repository.
Insecure theme or custom coding.
Answer: Get a professional to do a audit.