WordPress Security 2013

Most Popular CMS

WordPress Hacked 2012-2013

Ever since WordPress became a popular CMS, hacker attempts have been made on the software.

On Mar 13, 2012 – Massive amounts of WordPress sites were hacked when a vulnerability was found in the framework. Among the biggest casualties was WordPress.com. Passwords seemed to be a culprit as well with this attack.

On Apr 15, 2013 – A massive BotNet attacked WordPress users trying to direct their computers to “brute force” attack on WordPress passwords. The current attack is likely preparation for a much larger attack coming at a later date.

WordPress Stats

How many posts are published on WordPress.com?

WordPress.com users produce about 49.3 million new posts and 50.7 million new comments each month.

How many people read blogs on WordPress.com?

Over 374 million people view more than 4.1 billion pages each month.

What to do about it

2 Primary Reasons for WordPress Getting Hacked:

1. Mass Appeal: WordPress has mass appeal and is known for its amazing flexibility and extensibility and therefore is odopted all over the world as the primary software for running content based websites. This mass appeal creates appeal for publishers and hackers alike. Now hackers can focus on 1 piece of software, exploit it, and gain access to hundreds of thousands of websites to use them to distribute malware or facilitate other malicious activity online. Hackers are constantly looking for ways to get into WordPress just like every child wants to get into Disneylad.
2. Extensions and Plugins: Insecurities in software are greatly enhanced when code and development changes hands. 3rd party vendors and programmers are more than willing to develop piece of software to extend WordPress (known as plugins) in effort to make the application even more powerful. This often times create vulnerabilities that need to be patched and these insecurities can make it back to hackers rather quickly and create a “lowest hanging fruit” opportunity for them.

3 Primary Ways to Prevent Getting Hacked:

1. Admin Passwords: Admin password are critical to maintaining the integrity of your WordPress installation. These passwords should contain numbers AND letter and should be 8 characters long if possible. This will brute force attacks on admin passwords which is one of the main focuses of the hacker community.
2. Software Up-to-date: Software is a living breathing thing and it needs attention. When insecuritie are discovered in your software over time, they should get patched immediately as hackers will target the “lowest hanging fruit” and any piece of software that has known vulnerabilities is easy stuff for a hacker.
3. Avoid Plugins: Plugins that are used should be vetted by doing plenty of research and they should be developed by known WordPress developers (someone who has lots of experience with WordPress plugins). Be very careful and watchful when implementing any plugin and watch server logs for any abnormalities.

There are 3 Primary Actions to Take:

1. Change Passwords: Admin password are critical to maintaining the integrity of your WordPress installation – create strong ones, keep them to yourself and change them often.
2. Backups: Running backups will prevent you from losing too much data in the event that your WordPress installation gets hacked.
3. Work with WordPress Specialists: WordPress installation and configuration is simple and tempting to do on your own. However, when it comes to Plugins that are used should be vetted by doing plenty of research on who to work with for custom WordPress development.

Leave a Reply