With the popularity of code-free website building software such as WordPress growing, there has never been so much opportunity for website hackers as there is at the moment.
This blog post looks at the growth of content management system (CMS) based software (such as WordPress), how hackers are utilising the vulnerabilities in the software and what you can do to mitigate the risk of a cyber-attack on your website.
The Rise and Rise of WordPress
WordPress now powers more than 40% of all websites and 65% of websites that use a CMS (source). This is a phenomenal achievement in a relatively short space of time.
Major businesses such as Microsoft, Zoom, Intuit and Udemy now use WordPress to power their websites. It’s more than likely that your website is powered by WordPress too.
But this popularity, together with the fact that the software is open source, has resulted in the software that powers your website being vulnerable to cyber-attack.
Website vulnerabilities exposed
WordPress software is open source, meaning it is freely available to download and use to build websites. The software development is contributed to by thousands of developers worldwide, meaning that frequent enhancement and security updates are released to the general public, so they can update their website software accordingly.
If software updates are not performed when notified, this presents a major security vulnerability, resulting in that piece of software – and your website – being at risk of cyber-attack. Cyber criminals have seized upon these opportunities to attack websites in various ways such as DDoS and SQL Injection attacks (source).
In fact, the highly publicised Panama Papers leak was attributed in large part to a WordPress plugin that was out of date (source). This highlights the need to ensure your website CMS software is kept up to date.
Mitigating the risk of cyber-attacks on your website
Your website will never be 100% secure from the possibility of cyber-attacks. However, the following recommendations will, if implemented, help to ensure that your website is as protected from cyber-attacks as it can be.
- When creating your WordPress user profile, always change the default ‘admin’ username to your own.
- Change your user password regularly using a random password generator (you may also want to incorporate password changes into a password manager account).
- Delete any unused WordPress themes and plugins.
- Use the minimum number of plugins needed to deliver your website's needs.
- Ensure that your website is being backed up daily, so if the unthinkable does happen, you can restore your site with minimal loss of data.
- Install a reputable WordPress security plugin such as Wordfence to monitor for and defend against any possible cyber-attack attempts on your website.
- Always process updates to WordPress core, theme and plugin software.
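
The username, unused-extension and update checks from the list above can be automated with WP-CLI. The script below is an added example, not part of the original post; it assumes WP-CLI is installed as `wp`, and the function names `flag_extensions`, `flag_default_admin` and `audit_site` are illustrative.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress install against the checklist above.
# Assumption: WP-CLI is available; override WP to point at another binary.
WP="${WP:-wp}"

# Flag plugins or themes that are inactive (candidates for deletion)
# or that have an update pending.
# stdin: CSV from `wp plugin list --fields=name,status,update --format=csv`
#        (or the same command with `theme` in place of `plugin`).
flag_extensions() {
  kind="$1"
  awk -F, -v kind="$kind" 'NR > 1 {
    if ($2 == "inactive")  print "UNUSED " kind " " $1
    if ($3 == "available") print "OUTDATED " kind " " $1
  }'
}

# Flag an administrator account that still uses the default "admin" login.
# stdin: one login per line, as printed by
#        `wp user list --role=administrator --field=user_login`.
flag_default_admin() {
  grep -qx 'admin' && echo "DEFAULT-ADMIN admin"
  return 0
}

# Run all three checks against the WordPress install at the given path.
audit_site() {
  path="$1"
  "$WP" --path="$path" plugin list --fields=name,status,update --format=csv \
    | flag_extensions plugin
  "$WP" --path="$path" theme list --fields=name,status,update --format=csv \
    | flag_extensions theme
  "$WP" --path="$path" user list --role=administrator --field=user_login \
    | flag_default_admin
}

# Constructed sample (not real site data) so the filter can be tried offline.
printf 'name,status,update\nakismet,active,none\nhello,inactive,available\n' \
  | flag_extensions plugin
```

On a real server, call `audit_site` with the path to the WordPress install; an empty result means none of the three conditions were found.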
You may also want to consider off-website factors, such as the security of the servers that your website is on. Your website host should be able to provide information about the security measures they have in place to protect your website.
Intelect Group can provide comprehensive assessments and services around cyber-security and will be happy to assist you.