WordPress is a very secure CMS but just like any other content management system, website or web application, it can be targeted by hackers.
WordPress is very secure and powers some of the largest, most highly-trafficked websites on earth, including WordPress.com, which is one of the top 25 most trafficked websites in the world, and the #1 network of websites in the United States. Like any software, vulnerabilities and security issues can be encountered if developers are not following up-to-date best practices or if the server setup, whether internal or managed by a third-party, isn’t optimized for WordPress use. However, if you’re running a fully optimized WordPress install, your site will be running software that is safe, secure, and scalable.
WordPress in Government FAQ
This is number 1 for a reason. The most important step you can take to ensure your WP site is safe from exploits is to keep the WP version and all installed plugins updated to the latest version. Every time WordPress gets updated, it comes with new security patches. A great tool that will help you to achieve this is WPremote.com.
Either install a backup plugin that creates a backup of all your WP files and database, or schedule a manual backing up system at server level so that you can restore your website to the latest version should it be hacked.
Every WordPress site has the same login URL, which is your URL followed by /wp-admin. All hackers know this, so it leaves your login screen exposed to whoever wants to try a brute force attack. Always customise your login URL to something unique, eg. /mycmslogin. Alternative approach is to allow access to /wp-admin URL only from a predefined list of IP addresses (eg. from your home or your office).
The default WordPress user comes with the name admin. Hackers know this and use the combination of this predictable username with random passwords when trying to break into your site. Always set up a unique admin user name or delete the default user called admin.
Install the Akismet plugin that helps defeat spam attacks that target comment boxes below your blog post articles.
Adding an extra line of defence when logging into your WordPress site can be vital. Yubico is a system that allows you to add a physical touch to the login process by only allowing people with a secure USB key (yubikey) and credentials to access the site. So even if the hackers / bots get your username and password, they still can’t get past your login screen without physically inserting the key into the machine they are using.
Drop us an email or call 020 3372 5696.
Stay up-to-date on the latest WordPress, design and marketing trends with our quarterly email newsletter – subscribe now.
WordPress is very secure and powers some of the largest, most highly-trafficked websites on earth, including WordPress.com, which is one of the top 25 most trafficked websites in the world, and the #1 network of websites in the United States. Like any software, vulnerabilities and security issues can be encountered if developers are not following up-to-date best practices or if the server setup, whether internal or managed by a third-party, isn’t optimized for WordPress use. However, if you’re running a fully optimized WordPress install, your site will be running software that is safe, secure, and scalable.