WordPress Security – Closing Those “Back Doors”
Some people consider the WordPress platform itself to be one big back door that provides access to hackers. After all, it is Open Source with many people all over the world adding to it, improving it – and hacking it. The good news is that your WordPress website does not have to be added to the list of hacked sites, just because it’s a WordPress site.
While some hackers target WordPress, they do so for reasons that are important for all WordPress users to consider.
The very popularity of WordPress makes it attractive to hackers. Karol K, gathered the following information in his post, The Ultimate List of WordPress Statistics:
- 50-60% is WordPress’ share of the global CMS market – making it the most popular CMS of them all. 
- New York Observer, New York Post, TED, Thought Catalog, Williams, USA Today, CNN, Fortune.com, TIME.com, National Post, Spotify, TechCrunch, CBS Local, NBC all use WordPress. 
- Around 15,886,000 websites on the entire web use WordPress. 
If it is so popular and hackers like it, then why are people – and major companies, still using it? Well, it is a secure platform (as secure as anything can be on the internet) when it is setup with security in mind and when it is maintained.
Many people, small companies included, decide to build a WordPress website because it is”free”. And so it is – if you know what you are doing or if you have someone who can help you. When “free” is the motivator, these websites are not often set up properly; the infamous “admin” username is an example (see below). Once they are set up, the “backend” of the website is often not maintained and so out-of-date WordPress versions and plugins invite hackers.
Another consequence of trying to set up an almost free website is choosing a Web Host that has the cheapest hosting plan. There are several things to consider when choosing a web host and although price is important, it should not be the determining factor.
So let’s talk about the many strategies used to slam that “back door” shut.
- Start with your Web Host
- Consider your Hosting Plan and your business needs
- Install WordPress manually (or if you have already installed it, update the security of your WordPress installation. For example, use secure usernames and passwords – not easy to guess like: “admin” or “administrator”.)
- Use Security Plugins
- Update Plugins and WordPress version vigilantly
- Maintain your site – including deleting themes and plugins that you no longer need
- Backup your site (files & database) regularly to restore it if it does get hacked.
- Keep an “ear to the ground” in the world of WordPress and WordPress Security
If these things are out of your level of expertise, maybe someone could help you apply these strategies to your website. If not, you may need to roll up your sleeves and learn about it yourself. WordPress is an Open Source software and the international online community is very supportive. There are very likely local meetups and organizations in your area dedicated to supporting WordPress users including those just starting.
If that just seems too daunting either on a technological level or time commitment, you may need to pay someone to maintain your site and keep it safe. Although WordPress is free for some, it will not be free for all to maintain. You might get lucky, and never be hacked. However, you can decrease your chances of being hacked by using sound security strategies.
For more details on the strategies listed above, search the internet, join a WordPress group, or follow this topic thread in our newsletter as we go through those strategies in more detail.