Even the most secure website’s can get hacked. Perhaps you have a WordPress blog set up to build and promote your personal brand. Maybe you publish a blog that highlights your products and opportunity’s, or one that provides training and success tips. Whatever your purpose, keeping your blog safe and secure is easily ignored. Frankly, most of us prefer to just set up our blogs and publish our content. We like to think that our website hosting company will take care of security and protect our blogs from attack. While a good hosting company will have safeguards and mechanisms in place to help prevent malicious attacks, they can’t do everything for you.
The fact is, if you don’t take care to protect your work, a lot can go right down the drain and may not be recoverable. Which means you will have to start all over with a new cost.
WordPress security is becoming a growing problem. The more successful you are with your website blog, the more your blog becomes a target of hackers who look for security vulnerabilities in the WordPress platform. Why are hackers interested in your blog? In our experience we’ve seen motivation range from simple website defacing to complex search engine optimization schemes that steal the “link juice” from your website to promote criminal activities on the web.
Why is security such a problem with Wordpess blogs? Well, WordPress isn’t the real problem. The contributors to WordPress put a lot of man hours into insuring that the software is free of security flaws. However, the platform isn’t perfect and it is dependent on two other components that that fall outside of the control of the platform code base–hosting and plugins.
The first challenge for WordPress security is hosting. We have seen first hand were the majority of shared hosting providers have a laundry list of security vulnerabilities. These security vulnerabilities include older versions of Apache that have known exploits and a lack of security monitoring systems in their overall infrastructure.
The second challenge is security exploits in third party plugins. Many WordPress plugins allow both administrators and end users to interact with them. This includes activities such as uploading information (e.g. forms plugins) and interacting with the base WordPress modules. Hackers know this and are constantly looking to exploit security vulnerabilities in plugins.