As our regular readers know, for various reasons we prefer custom website builds for our clients (see "10 reasons why web developers should not use WordPress"), and although we can build WordPress sites and have done so, we wouldn’t consider ourselves WordPress web designers.
However, a few of our clients are on WordPress, and it’s our responsibility to keep their installations secure.
One plugin that we’d strongly recommend is Wordfence (www.wordfence.com), which uses various methods to detect and block attacks. Furthermore, they have a global network that ‘learns’ from attacks and uses this information to protect others.
According to Wordfence, there are currently 15,785 WordPress attacks a minute, and this sample is taken only from installations using their plugin.
This is a truly scary statistic, and weaknesses are likely to be exploited, because an insecure WordPress or plugin version can give attackers a single way of exploiting thousands of sites at once; a bit like a burglar having a skeleton key to thousands of houses.
This really isn’t scaremongering; we inherited a client because their current WordPress web designer couldn’t keep their website secure and it was compromised. With their permission we managed to discover a known vulnerability in their RevSlider plugin, and hack into their website in under 45 seconds, literally. Gaining access in this way gave us their password, which gave full database access to their website. Furthermore, we know of famous websites that still have the same vulnerability.
Although not a ‘one size fits all’ solution, there certainly is a place for WordPress websites; however, it’s of utmost importance that installations are kept secure.
For those who use WordPress, our top three security tips would be:
- Install (and keep updated) the Wordfence plugin.
- Ensure that the main installation and all plugins are always updated to the latest version.
- Keep a note of which plugins you use, and ensure that your web designer searches for any vulnerabilities on a regular basis.
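
One way to keep the plugin note from the third tip, as an added example that is not part of the original post: this Python script reads the name and version from each plugin’s header comment under `wp-content/plugins` and flags any plugin older than a minimum version you record yourself. The `example-slider` slug and its minimum version are constructed placeholders, not real advisory data.

```python
import re
from pathlib import Path

# Header fields WordPress reads from the comment at the top of a plugin's main file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def parse_plugin_header(php_source):
    """Return {'name', 'version'} from a plugin file's header, or None if absent."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):  # WordPress scans the first 8 KB
        fields.setdefault(key.lower(), value.replace("*/", "").strip())
    if not fields.get("plugin name"):
        return None
    return {"name": fields["plugin name"], "version": fields.get("version", "")}

def version_key(version):
    """Turn '4.10.2' into (4, 10, 2) so versions compare numerically, not as text."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def inventory(plugins_dir):
    """Map each plugin slug under wp-content/plugins to its name and version."""
    found = {}
    root = Path(plugins_dir)
    # Folder plugins keep the header in a top-level .php file; single-file plugins sit in the root.
    for php in sorted(list(root.glob("*/*.php")) + list(root.glob("*.php"))):
        slug = php.parent.name if php.parent != root else php.stem
        header = parse_plugin_header(php.read_text(errors="replace"))
        if header and slug not in found:
            found[slug] = header
    return found

def below_minimum(found, minimum_versions):
    """Return slugs whose installed version is older than the minimum you recorded.
    A plugin with no readable version is flagged too, so it gets looked at."""
    return sorted(slug for slug, info in found.items()
                  if slug in minimum_versions
                  and version_key(info["version"]) < version_key(minimum_versions[slug]))

if __name__ == "__main__":
    import sys
    # Constructed placeholder: maintain this map yourself from the plugin vendors' advisories.
    minimums = {"example-slider": "1.10.0"}
    plugins = inventory(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins")
    for slug, info in plugins.items():
        print(slug, info["name"], info["version"], sep="\t")
    print("Needs update:", below_minimum(plugins, minimums))
```

Run it against a copy of the site’s `wp-content/plugins` folder and keep the output with your maintenance records, so each vulnerability search starts from the versions that are actually installed.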