WordPress is under attack. For every ten websites on the Internet, six of them are powered by WordPress. It’s easy to learn and use. It’s quick to add functionality without knowing how to code. And you can manage a great deal of content with WordPress. It’s popular and it’s free.
WordPress Security Issues
Unfortunately, however, hackers seem to gravitate to WordPress sites. They launch “brute force” attacks against WordPress websites and gather up a large enough group of hacked websites to create a “botnet”. The higher the number of compromised websites in the botnet, the more serious the attack can be.
WordPress and Hosting Providers
WordPress attacks are happening at a global level and hosting providers are being targeted. The attacks are highly distributed, meaning the IP addresses used are spoofed, so it’s difficult to block all the malicious traffic.
Web hosting tips for security
- Firewall Protection
- Brute Force Detection and Evasion
- Apache DoS Prevention/Protection
- E-Mail Virus Filtering
- Exclusive to ServerSecurePLUS™:
- Daily CSX Scan
- SSH/cPanel/FTP Hardening
- WebServer & PHP Hardening
- Monthly Nessus® vulnerability scans
- Advanced Server Exploitation Prevention
WordPress and Huge “Botnet” of Infected Computers
A lot of cyber crimes are perpetrated by hackers who use “worms” to infect individual computers and use them to create “spoof addresses” for various types of fraud as well as to execute DDoS [distributed denial-of-service] attacks. Tying together servers with the large number of network connections possessed by a popular WordPress site would up the ante by an order of magnitude or two.
If you or your company have WordPress websites or blogs, there are two things to consider. First is to avoid having your own site hijacked and second is to avoid becoming part of a larger problem.
- WordPress attacks Hammer web hosts
- HostGator warns of huge WordPress attack globally
- Huge attack on WordPress sites could spawn never-before-seen super botnet
Security Tips and WordPress
WordPress has made many changes to their security since the WordPress Bot Attacks.
- Avoid insecure passwords
- Avoid “admin” user name
- 2-Factor Authentication – I cannot stress enough the importance of using 2-step authentication. This is true for your WordPress, Gmail, and other important logins.
- Update WordPress
- Install a security plugin like “Better WP Security”
- Consider a Cloudflare account
Web Hosting Security for WordPress
- Keep your WordPress updated – WordPress has gotten much better at security. They offer automated updates. All you need to do is take advantage of them.
- Add a .htaccess to your /wp-admin
- You can deny all IPs from accessing your WP Admin.
- You can allow your own IP address to access your WP Admin.
- Choose a web hosting provider that offers PCI Compliance, managed security, and security hardening.
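The /wp-admin restriction described in the list above, as an added example that is not part of the original article: an `.htaccess` file for the `/wp-admin` directory that denies every address except one and keeps `admin-ajax.php` reachable, because themes and plugins call it from public pages. The address 203.0.113.10 is a placeholder from the documentation range; replace it with your own static IP.

```apache
# File: /wp-admin/.htaccess  (added example; 203.0.113.10 is a placeholder)

# --- Apache 2.4 and later: mod_authz_core syntax ---------------------------
<IfModule mod_authz_core.c>
    # Only this address may reach anything under /wp-admin.
    # Add further "Require ip" lines (or a CIDR range) for more admins.
    Require ip 203.0.113.10
</IfModule>

# --- Apache 2.2: legacy Order/Deny/Allow syntax ----------------------------
<IfModule !mod_authz_core.c>
    # Deny is evaluated first, then Allow punches the single hole.
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>

# --- Exception: admin-ajax.php ----------------------------------------------
# Front-end features (forms, search, infinite scroll) post to this file as
# anonymous visitors. Without this block they break for everyone except
# the allowed address.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>
```

WordPress's login form, `wp-login.php`, sits in the site root rather than in `/wp-admin`, so this file does not cover it; the same allow-list wrapped in `<Files "wp-login.php">` in the root `.htaccess` does. The host must permit these directives in `.htaccess` (`AllowOverride AuthConfig` for `Require`, `AllowOverride Limit` for `Order`/`Allow`/`Deny`).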
WordPress Security Safeguards the Internet as a Whole
Web host HostGator has indicated that the burden of mass WordPress attacks is putting a monumental strain on websites. Infected websites slow to a crawl or go down altogether. There are also indications that once a WordPress website has been infected, it is equipped with a back door so that the hackers can return and maintain control even after the administrative login credentials have been changed.
Ongoing attacks creating a strain on Web hosts
Mass attacks on WordPress sites could equate to a never-seen-before super botnet that affects the entire Internet. The software developers and the open source community are making big strides in improving WordPress security. With so much at stake, the WordPress community has encouraged anyone who runs a WordPress site to implement their security tips.