Hackers exploiting the security of WordPress


WordPress is a very popular platform these days (around 8.5% of all the world's websites are powered by WordPress!). As it is open source, everybody has access to its source code and can easily experiment with new cracking and hacking methods.

WordPress has become one of the most preferred targets for hackers across the globe. While WordPress continuously releases new versions that plug security holes, its popularity as a blogging platform has always prompted hackers to come up with new ways to steal information, interrupt service, redirect traffic or pursue other purposes. At CPWebHosting, a secured WordPress hosting provider, the security is very good and all preventive measures are taken to keep your website away from hackers.

Although there are several ways in which WordPress security can be tightened, only a few users follow them, which makes the platform even more vulnerable. The open source nature of WordPress means a lot of damage can also be done through vulnerable WordPress themes and plugins or through automated exploits, which can destroy your website and your reputation. These are the top WordPress issues and vulnerabilities that are being exploited by hackers. Equipped with the latest security tools, CPWebHosting, a cheap hosting provider, lets you easily develop or create a website with high security so that hackers cannot exploit it.

CPWebHosting, a secured hosting provider, gives some tips on WordPress security:

1. Insecure Plugins and Themes : WordPress offers many free plug-ins and themes that enhance the functionality of your website with minimum costs. However, you have to be aware of the fact that they may contain vulnerabilities or even hidden malicious code that can compromise your website.

2. Don’t use ‘admin’ username : Anybody who tries to get into your WordPress admin section will try ‘admin’ as the username first. If you change it, a potential hacker has to work out both the username and the password. If you are running an older version of WordPress (which I do not recommend), you can change the admin username directly in the database.

3. Strong Web Password : A lot of WordPress issues can be avoided with good habits, and a strong password is one of them. A good password protects your site from brute-force attacks and acts as a security gateway for your site. If a hacker is able to hack your administrator account, then he can install scripts that can possibly damage your whole server. Do not use predictable or weak passwords.

4. Database Access via a Root Account : All your WordPress content and web files are stored in one database. If you are using more than one web application, each application will have its own database. The database root account provides complete access to all your databases that are saved on the same web server or under the same web hosting account. If a hacker discovers your root account credentials, then he or she can get access to all your databases. Therefore, it is highly recommended to create a dedicated account for each individual database, rather than using your root account.

5. Move your wp-config.php file : Your wp-config.php file holds the database connection info as well as other data that nobody else should be able to access. Since WordPress 2.6 you can easily move this file out of the root folder. To do this, simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory. This way, nobody except a user with FTP or SSH access to your server will be able to read this file.

6. Database permissions : Database permissions allow a web application to access and also modify specific parts of the database. If database permissions are not tightened down, a malicious user can exploit such permissions and modify the database content and structure.

Hacking attacks not only make cyber criminals rich and satisfied, they affect your site’s position in terms of search engine rankings. A site infected by spam is not only ranked low, it also gets highlighted, which adversely affects its reputation and business potential.
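
A defensive check for tips 4 and 5, added here as an example and not part of the original article or any CPWebHosting tooling: it looks for wp-config.php in the WordPress root and then one directory up, and flags a config left in the root or a `DB_USER` of `root`. The two sample installs, the `public_html` directory name and the `wp_blog` account name are constructed for illustration.

```python
import os
import re
import tempfile

# Matches define('DB_USER', 'value'); with either quote style.
DEFINE_RE = re.compile(r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

def find_wp_config(wp_root):
    """Root first, then one level up, the lookup order the article describes."""
    parent = os.path.dirname(os.path.abspath(wp_root))
    if os.path.isfile(os.path.join(wp_root, "wp-config.php")):
        return os.path.join(wp_root, "wp-config.php"), "root"
    # WordPress ignores the parent copy when the parent has its own wp-settings.php.
    if (os.path.isfile(os.path.join(parent, "wp-config.php"))
            and not os.path.isfile(os.path.join(parent, "wp-settings.php"))):
        return os.path.join(parent, "wp-config.php"), "parent"
    return None, None

def audit(wp_root):
    """Return findings for tip 4 (root DB account) and tip 5 (config location)."""
    path, location = find_wp_config(wp_root)
    if path is None:
        return ["wp-config.php not found in the WordPress root or one directory up"]
    findings, settings = [], {}
    if location == "root":
        findings.append("wp-config.php is in the WordPress root; move it up one directory")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if not line.lstrip().startswith(("//", "#", "*", "/*")):  # skip commented-out defines
                settings.update(DEFINE_RE.findall(line))
    if settings.get("DB_USER", "").lower() == "root":
        findings.append("DB_USER is root; create a dedicated account for this database")
    return findings

def demo():
    """Audit two constructed installs (sample data, built in a temp dir)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, user, in_root in [("weak", "root", True), ("hardened", "wp_blog", False)]:
            root = os.path.join(tmp, name, "public_html")
            os.makedirs(root)
            target = root if in_root else os.path.dirname(root)
            with open(os.path.join(target, "wp-config.php"), "w") as fh:
                fh.write("<?php\n// define('DB_USER', 'root');\n"
                         f"define('DB_NAME', 'blog');\ndefine( 'DB_USER', '{user}' );\n")
            results[name] = audit(root)
    return results

if __name__ == "__main__": print(demo())
```

Point `audit()` at the directory that contains `wp-settings.php` on a real install; an empty list means neither issue was found.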