Most common Security Problems with WordPress and how to fix them
Problem #1
People running out-of-date themes and plugins. There are literally millions of hacks waiting to happen, and the bad guys can get step-by-step instructions on how to hack your site.
Answer: Update your site biweekly, or as soon as an exploit is released that affects plugins you are using.
Problem #2
Sadly enough, most WordPress installs still have the same old “admin” user that came with them by default. Even sadder, the top five passwords for 2015 were:
- 123456
- password
- 12345678
- qwerty
- 12345
If this sounds familiar, remember that the vast majority of people also recycle the same passwords between accounts, so it's a big issue.
http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514
Answer: Please use a password manager that generates and autofills passwords, and change them on a semi-regular basis.
Problem #3
Improperly configured server/hosting.
- Insecure permissions, especially on image directories.
- Improperly set index options open up file listings and indexing of directories: https://wiki.apache.org/httpd/DirectoryListings (look up “Google hacking”).
Answer: Set your files to 664, directories to 755, and .htaccess to 400.
Here is an .htaccess I use for my WordPress sites that might help some.
https://gist.github.com/bhowe/3a89332f596b8ddd5fe5
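As an added example (not part of the original post or its gist), a POSIX shell script that audits a document root against the scheme above and applies it. The sample tree it builds is constructed for the demo; the listing check assumes Apache with .htaccess overrides enabled, and the docroot path is yours to supply.

```shell
#!/bin/sh
# Assumption: Apache honouring .htaccess; the docroot path is supplied by the caller.

# Print each deviation from the scheme; return 1 if any was found, 0 if clean.
wp_perm_audit() {
  root="$1"
  # '-perm 755' without a leading '-' or '/' is an exact match, so a 777 uploads dir is reported.
  findings=$(
    find "$root" -type d ! -perm 755 | sed 's/^/directory not 755: /'
    find "$root" -type f ! -name .htaccess ! -perm 664 | sed 's/^/file not 664: /'
    find "$root" -type f -name .htaccess ! -perm 400 | sed 's/^/.htaccess not 400: /'
    # Without "Options -Indexes" Apache will list any directory lacking an index file.
    grep -qi 'Options[[:space:]]*-Indexes' "$root/.htaccess" 2>/dev/null \
      || echo "directory listings not disabled in $root/.htaccess"
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Apply the scheme. The listing directive is added before .htaccess is locked to 400.
wp_perm_fix() {
  root="$1"
  grep -qi 'Options[[:space:]]*-Indexes' "$root/.htaccess" 2>/dev/null || {
    chmod u+w "$root/.htaccess" 2>/dev/null
    printf 'Options -Indexes\n' >> "$root/.htaccess"
  }
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f ! -name .htaccess -exec chmod 664 {} +
  find "$root" -type f -name .htaccess -exec chmod 400 {} +
}

# Constructed sample docroot with the mistakes the post describes: world-writable
# uploads dir, 666 image, readable .htaccess without Options -Indexes. Prints its path.
make_sample_site() {
  site=$(mktemp -d)
  mkdir -p "$site/wp-content/uploads"
  printf 'GIF89a\n' > "$site/wp-content/uploads/logo.gif"
  printf 'RewriteEngine On\n' > "$site/.htaccess"
  chmod 777 "$site/wp-content/uploads"
  chmod 666 "$site/wp-content/uploads/logo.gif"
  chmod 644 "$site/.htaccess"
  printf '%s\n' "$site"
}

# Usage: sh wp_perms.sh /var/www/html [fix]   ("fix" repairs before re-auditing)
if [ $# -ge 1 ]; then
  [ "${2:-}" = fix ] && wp_perm_fix "$1"
  wp_perm_audit "$1" && echo "OK: $1 matches the scheme"
fi
```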
Problem #4
Not having backups.
Answer: Keep backups for 60 days; there are a plethora of plugins and services out there. Suggest some in the comments.
Problem #5
Not having anyone monitoring or watching the site on a regular basis.
Answer: Install Wordfence (a personal favorite). Configure it to scan your site and to compare your WordPress core files and plugins against the repository.
Problem #6
Insecure theme or custom coding.
Answer: Get a professional to do an audit.
Questions/Comments?