WordPress Site Security Audit

Posted by Kevin Brkal


If your website is powered by WordPress, you probably love being able to log in at wp-admin and easily update your entire website. Every convenience like this also gives a potential hacker an access point into the site. You see it on the news almost once a week now that such and such was hacked. Hackers hack sites for a ton of different reasons, but many do it for financial gain through increased exposure in SERP, and they will comb the web to find easy targets. Make sure your site is not an easy target but the Fort Knox of websites.

ADMIN Username

One of the easiest ways for a hacker to get into a site is through the login page, simply by guessing the password for the admin username. The admin username is the default one that is created when a website is built with WordPress. You should immediately change it to something else that includes numbers and letters. It is also extremely important to use a secure password that is longer than 10 digits, and WordPress provides one for you. A hacker will have a script that runs a brute force attack on the login screen, entering passwords at random until one works. If your web host does not limit login attempts, an attacker can keep brute forcing until they finally get in.

Not Updating WordPress Core & Plugins

Another area where an attacker can gain access is through out-of-date WordPress core and plugins. Every time there is an update to WordPress core, that update is almost always fixing security vulnerabilities. Those vulnerabilities are almost always disclosed one way or another, which gives an attacker a good shot at getting into your site if it is not up to date. Just look at this article by Wordfence that explained how the Panama Papers hack took place. If that is not a reason to make sure your WordPress core and plugins are up to date, I don’t know what else would be.

No WordPress Firewall

Even if your site is running the latest version of WordPress core and all of your plugins are up to date, you still run the risk of your site being compromised through a vulnerability that has not been disclosed. One way to help mitigate this is an active web application firewall (WAF) that filters traffic before it actually hits your server. You can accomplish this by using Cloudflare as your DNS provider and activating and setting up its WAF. Additionally, you can install a plugin such as Wordfence and then activate and optimize its firewall. A WordPress site security audit would help show you what you need to do and, in many cases, set these up for you.

Final Thoughts

As a website owner, it's your job to keep your site secure and safe. This article outlined some simple things that you can do to ensure your site is as secure as possible. WordPress security is also not a one-and-done type of thing, and should be something you do at least once a month. If any of this seems too hard or will just take too much time, please know that KNB Online Inc is here to help. We offer a full WordPress site security audit that will implement a great deal of security measures to help keep your site as secure as possible.

KNB Online Inc.

5900 South Lake Forest Drive Suite 300 PMB# 111, McKinney, TX 75070

Phone: 972-439-1384