{"id":5381,"date":"2019-03-28T09:43:12","date_gmt":"2019-03-28T09:43:12","guid":{"rendered":"https:\/\/www.register365.com\/blog\/?p=5381"},"modified":"2019-11-14T15:50:46","modified_gmt":"2019-11-14T15:50:46","slug":"harden-your-wordpress-security-with-these-top-tips","status":"publish","type":"post","link":"https:\/\/www.register365.com\/blog\/harden-your-wordpress-security-with-these-top-tips\/","title":{"rendered":"Harden your WordPress security with these top tips"},"content":{"rendered":"<h1>WordPress security &#8211; everyone is talking about it, but why?<\/h1>\n<p>In 2018, 90% of all hacked CMS websites were WordPress sites [1]and you could argue that WordPress is likely to be top of the list as it runs more websites. However its 60% share of CMS sites is too low to fully explain it; there must be other reasons. It\u2019s also getting worse as WordPress\u2019s share of hacked sites is increasing: 74% in 2016, 83% in 2017.<\/p>\n<p>According to Sucuri which carried out the research, WordPress administrators are better than most at installing core updates. Other CMS\u2019s sites are much more likely to be running out of date systems. No, the main reason WordPress gets hacked more often is due to vulnerabilities in plug-ins and themes.<\/p>\n<p>You can search for \u201cWordPress security\u201d and find pages of \u201cwe fix hacked websites\u201d links as well as tips on cleaning up and generic good practice. Here we take a deeper look at the more likely causes of a WordPress hack and how to protect against them.<\/p>\n<h2>What are the risks?<\/h2>\n<p>First, what do hackers do after hacking a WordPress site?<\/p>\n<ul>\n<li>Inject a backdoor (eg a rogue system file) allowing hackers to implement attacks on other sites on the same server<\/li>\n<li>Implement a pharma hack which returns spam ads and can cause the site to be blocked by search engines<\/li>\n<li>Redirect to malicious websites<\/li>\n<li>Use cross-site scripting to steal session data or a cookie from the end-user<\/li>\n<\/ul>\n<h2>Choose WordPress plugins wisely<\/h2>\n<p>In the middle of development, with a deadline to meet, it\u2019s easy to pick a plugin without investigating it. It looks as though it will do the job exactly, and you might find a freebie version. Once it\u2019s in, development can move on and it becomes part of the website, forgotten almost.<\/p>\n<p>Choose a plugin from the WordPress repo, or download it directly from a developer\u2019s website. Look for plugins that have been updated recently, indicating not only their security but bug-fixing and compatibility with the latest WordPress core. Also, check ratings from other users and after downloading, virus scan the plugin.<\/p>\n<p>You can find premium plugins and themes on secondary sites (ie not the original developer) that have been modified so as not to require a license key. Don\u2019t be tempted to use them. They may contain malware; they won\u2019t get updated for bug fixes or core compatibility; and, ultimately, it\u2019s stealing &#8211; depriving the developer of revenue.<\/p>\n<h2>Use the latest versions of everything, not just the core<\/h2>\n<p>The WordPress security team (about 50 people) is constantly addressing vulnerabilities. It\u2019s essential to implement the core changes they deliver, but also plugins and themes.<\/p>\n<p>Regularly check security sites for guidance and new vulnerabilities, this is a must-do for e-commerce websites. Four resources worth checking are:<\/p>\n<ul>\n<li>WP Security Bloggers [2]<\/li>\n<li>WPScan vulnerability database [3] &#8211; which includes sections for plugins and themes<\/li>\n<li>Threatpress [4]<\/li>\n<li>WordPress official security archive [5]<\/li>\n<\/ul>\n<h2>Was WordPress the right choice?<\/h2>\n<p>WordPress is still an excellent choice as a CMS. With such a high share of the market, its future is assured. However, that also makes it a target for hackers and it\u2019s essential to protect against threats. Follow good practice on-site security but give special care to choosing and updating plugins and themes.<\/p>\n<p>&nbsp;<\/p>\n<p>[1] <a href=\"https:\/\/www.zdnet.com\/article\/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.zdnet.com\/article\/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018\/<\/a><\/p>\n<p>[2] <a href=\"https:\/\/www.wpsecuritybloggers.com\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.wpsecuritybloggers.com\/blog\/<\/a><\/p>\n<p>[3]<a href=\"https:\/\/wpvulndb.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"> https:\/\/wpvulndb.com\/<\/a><\/p>\n<p>[4] <a href=\"https:\/\/db.threatpress.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/db.threatpress.com\/<\/a><\/p>\n<p>[5] <a href=\"https:\/\/wordpress.org\/news\/category\/security\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/wordpress.org\/news\/category\/security\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress security &#8211; everyone is talking about it, but why? In 2018, 90% of all hacked CMS websites were WordPress sites [1]and you could argue that WordPress is likely to&#8230; <a class=\"more-link\" href=\"https:\/\/www.register365.com\/blog\/harden-your-wordpress-security-with-these-top-tips\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":22,"featured_media":5253,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,775],"tags":[],"class_list":["post-5381","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-tips-tricks"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Harden your WordPress security with these top tips<\/title>\n<meta name=\"description\" content=\"WordPress security - everyone is talking about it, but why? We take a deeper look at the likely causes of a WordPress hack and how to protect against them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Harden your WordPress security with these top tips\" \/>\n<meta property=\"og:description\" content=\"WordPress security - everyone is talking about it, but why? We take a deeper look at the likely causes of a WordPress hack and how to protect against them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/\" \/>\n<meta property=\"og:site_name\" content=\"Register365 Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/register365\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-28T09:43:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-11-14T15:50:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png\" \/>\n\t<meta property=\"og:image:width\" content=\"945\" \/>\n\t<meta property=\"og:image:height\" content=\"425\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nathan\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nathan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/\",\"url\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/\",\"name\":\"Harden your WordPress security with these top tips\",\"isPartOf\":{\"@id\":\"https:\/\/www.register365.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png\",\"datePublished\":\"2019-03-28T09:43:12+00:00\",\"dateModified\":\"2019-11-14T15:50:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.register365.com\/blog\/#\/schema\/person\/b8684be81b9b651f59d97f7bac864748\"},\"description\":\"WordPress security - everyone is talking about it, but why? We take a deeper look at the likely causes of a WordPress hack and how to protect against them.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#primaryimage\",\"url\":\"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png\",\"contentUrl\":\"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png\",\"width\":945,\"height\":425,\"caption\":\"Wordpress website\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Register365\",\"item\":\"\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\/\/www.register365.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security\",\"item\":\"https:\/\/www.register365.com\/blog\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Harden your WordPress security with these top tips\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.register365.com\/blog\/#website\",\"url\":\"https:\/\/www.register365.com\/blog\/\",\"name\":\"Register365 Blog\",\"description\":\"Welcome to the Register365 blog! Keep up to date with our latest news and product updates, find out more about our Free Online Business Training, and share your comments with us!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.register365.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.register365.com\/blog\/#\/schema\/person\/b8684be81b9b651f59d97f7bac864748\",\"name\":\"Nathan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.register365.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b849f2ae94026a2583ec808f66065701dbebe5ca9a87e51fab1269f2853c4a71?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b849f2ae94026a2583ec808f66065701dbebe5ca9a87e51fab1269f2853c4a71?s=96&d=identicon&r=g\",\"caption\":\"Nathan\"},\"description\":\"Nathan has been with team.blue since 2005 and has a background in Technical Support. He is passionate about helping customers find the best product for them and use it to its full potential. In his free time you'll find him on a train travelling through some beautiful countryside, or curled up on a sofa with his head in a book.\",\"url\":\"https:\/\/www.register365.com\/blog\/author\/nathan\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Harden your WordPress security with these top tips","description":"WordPress security - everyone is talking about it, but why? We take a deeper look at the likely causes of a WordPress hack and how to protect against them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/","og_locale":"en_GB","og_type":"article","og_title":"Harden your WordPress security with these top tips","og_description":"WordPress security - everyone is talking about it, but why? We take a deeper look at the likely causes of a WordPress hack and how to protect against them.","og_url":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/","og_site_name":"Register365 Blog","article_publisher":"https:\/\/www.facebook.com\/register365","article_published_time":"2019-03-28T09:43:12+00:00","article_modified_time":"2019-11-14T15:50:46+00:00","og_image":[{"width":945,"height":425,"url":"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png","type":"image\/png"}],"author":"Nathan","twitter_misc":{"Written by":"Nathan","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/","url":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/","name":"Harden your WordPress security with these top tips","isPartOf":{"@id":"https:\/\/www.register365.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#primaryimage"},"image":{"@id":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#primaryimage"},"thumbnailUrl":"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png","datePublished":"2019-03-28T09:43:12+00:00","dateModified":"2019-11-14T15:50:46+00:00","author":{"@id":"https:\/\/www.register365.com\/blog\/#\/schema\/person\/b8684be81b9b651f59d97f7bac864748"},"description":"WordPress security - everyone is talking about it, but why? We take a deeper look at the likely causes of a WordPress hack and how to protect against them.","breadcrumb":{"@id":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#primaryimage","url":"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png","contentUrl":"https:\/\/www.register365.com\/blog\/wp-content\/uploads\/2019\/02\/WordPress.png","width":945,"height":425,"caption":"Wordpress website"},{"@type":"BreadcrumbList","@id":"https:\/\/www.register365.com\/blog\/2019\/03\/harden-your-wordpress-security-with-these-top-tips\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Register365","item":"\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/www.register365.com\/blog\/"},{"@type":"ListItem","position":3,"name":"Security","item":"https:\/\/www.register365.com\/blog\/category\/security\/"},{"@type":"ListItem","position":4,"name":"Harden your WordPress security with these top tips"}]},{"@type":"WebSite","@id":"https:\/\/www.register365.com\/blog\/#website","url":"https:\/\/www.register365.com\/blog\/","name":"Register365 Blog","description":"Welcome to the Register365 blog! Keep up to date with our latest news and product updates, find out more about our Free Online Business Training, and share your comments with us!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.register365.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.register365.com\/blog\/#\/schema\/person\/b8684be81b9b651f59d97f7bac864748","name":"Nathan","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.register365.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b849f2ae94026a2583ec808f66065701dbebe5ca9a87e51fab1269f2853c4a71?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b849f2ae94026a2583ec808f66065701dbebe5ca9a87e51fab1269f2853c4a71?s=96&d=identicon&r=g","caption":"Nathan"},"description":"Nathan has been with team.blue since 2005 and has a background in Technical Support. He is passionate about helping customers find the best product for them and use it to its full potential. In his free time you'll find him on a train travelling through some beautiful countryside, or curled up on a sofa with his head in a book.","url":"https:\/\/www.register365.com\/blog\/author\/nathan\/"}]}},"_links":{"self":[{"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/posts\/5381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/comments?post=5381"}],"version-history":[{"count":3,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/posts\/5381\/revisions"}],"predecessor-version":[{"id":5658,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/posts\/5381\/revisions\/5658"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/media\/5253"}],"wp:attachment":[{"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/media?parent=5381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/categories?post=5381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.register365.com\/blog\/wp-json\/wp\/v2\/tags?post=5381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}