Site Security Issues from the Eyes of Web Hosting Company

Note: This guest post is written by Stacey Talieres of InterServer. 

The biggest threat to any organization’s security is people. It often times is the weakest link in a series of security procedures. From hackers conducting social engineering schemes to employees leaving passwords on post-it notes on their company’s computer, there are various ways security can be compromised within an company. However, the biggest blunder that we see as a Web Hosting Provider is website owners foregoing important WordPress updates.

As someone who is new to owning a WordPress website and starting from scratch you may not be aware of all the imminent dangers being on the Internet poses. WordPress is a resourceful tool that allows anyone, even without much technical knowledge to design a website.

john

According to our CTO/Security Expert John Quaglieri, “You do not need to be a webmaster to use WordPress, however careful maintenance and your due diligence is required.”

If you are unsure on how to go about fixing your WordPress if it has been compromised, switch over to InterServer and we promise to take back and clean up your website from malware and malicious hackers. We offer managed WordPress hosting at a very affordable price.

Hackers Lurk Around the Corner

As a couple of months stroll by, and as a proud website owner you become increasingly unaware of the direct danger lurking within your own WordPress site. One of the biggest mistakes people counter when running a WordPress website is that your core and theme are out of date.

WordPress is constantly updating it’s software in order to circumvent attackers. Attackers are constantly trying to figure out a security bug in order to compromise your WordPress.  Perhaps you are currently content with the current functionality of your WordPress core and theme. You are afraid that if you update WordPress you may lose everything that you built. However, it is of the utmost importance that you limit a hacker’s ability to control and manipulate your website.

Exploiting Your Weaknesses

If hackers are interested in your website, they will spend a great deal of time combing through the fine details of your WordPress.  Eventually hackers will learn what kind of software and version your WordPress is running. There exist plenty of information on all the individual software version of WordPress plus the known weaknesses that lie within each.  The decision to constantly update your WordPress will discourage any potential hackers because they will not want to spend the time finding exploits that do not exist yet.

Once a hacker finds out your core and theme, they will use this information to emulate your website to figure out the best way to compromise your website. If an attacker determines that it is worth their time to compromise your WordPress, they will attempt to find your backups on the Web. Then they will go through the process to mimic your website in order to find the best way to exploit you.

Protect Your WordPress

Updating your WordPress Core and Themes is a simple and easy process. WordPress offers you the ability to update your core with one-click installs or you can manually oversee the process yourself.  In order to ensure a successful update, constantly update your WordPress just in case anything should go wrong.  If you are ever curious when it is time to update, WordPress will notify you when the latest software is available.

Plugins Beware

Over 50% of WordPress hacks are coming from plugins (source).

Over 50% of WordPress hacks are coming from plugins (source).

The great thing about WordPress is the ability to customize your website to your heart’s desire. With that being said, there are many tools, known as plugins in WordPress that allow you to customize or assist you in the creation of your website. In the WordPress universe there exist a wide array of plugins ranging from free to premium. Plugins can range from being masterfully developed or just flat out pitiful abominations that wreak havoc upon your WordPress.

The poorly developed plugins should be of a major concern to you if there exist any in your WordPress. What makes them so dangerous is that they are so poorly coded and out of date. If those two conditions exist in a plugin, you can bet a hacker is waiting right around the corner trying to exploit your WordPress via bad plugins. Luckily for us, there exist a site that contains a plethora of safe and useful plugins. Take the time to leisurely scroll through this website as you will find many useful plugins and useless ones as well. The great thing about these plugins from this database is that you will not find any malware.

Besides worrying about malware and the integrity of your plugin, there two very important conditions to consider. Is the plugin that you are considering out of date? If so, do not download it because you are exposing yourself to a potential security exploit. Also, not only does it make you vulnerable, but out of date plugins are also not compatible with current software versions of WordPress.

Third Party Plugins

Once you search outside of the WordPress repository for plugins you are taking a big risk in trusting a 3rd party developer. Unless you know the developer personally, we would suggest not downloading any of these kinds of plugins because they do pose such a huge risk. Most of the times hackers love to create free plugins that mimic premium plugins hoping that you will take the bait. You could call it a trojan horse in an aspect because you are downloading what you believe is to be this great and useful plugin that turns out to be a trap.

Conclusion

Overall, if your WordPress is the cornerstone of your business or blog do everything you can to ensure that it is safe from hackers. Take the time to make sure your WordPress core and themes are up to date. Do the proper research before installing plugins. We know that with running a websites comes a lot of problems, however if you take the appropriate security measures you will have one less thing to worry about.

Over at InterServer, Mike, John and their entire team can provide you the resources to run the best WordPress site on the web.

Jerry’s note

We published several relevant articles in the past. For more WordPress security tips, read: 8 most common WordPress errors and their fixes, 5 steps to secure your WordPress login page. Also, read about my site visit and experience in this InterServer review.