It is possible for your WordPress site to get hacked, but it doesn't have to be.
Here are our Top 3 Ways to Boost Your Site's Security and prevent hacking.
Hackers are always pictured with hoodies on. Do all hackers, in fact, wear hoodies? Mr. Robot does...
Wondering if your WordPress site will get hacked?
Perhaps you've already been hacked (so you already know the answer to that question) and you're wondering what to do to prevent it from happening again.
Simply having a WordPress site is not alone enough to guarantee its safety from hackers. WordPress is a great platform for building websites (which is why we use it), but a good platform is not enough to make a website secure.
Sites become more vulnerable when more "stuff" is added to them. According to wpmudev:
While the core installation of WordPress is very easy to use and relatively secure, the more you add on top of it via plugins, themes, and custom code, the more likely it is to be hacked.
It's super important to maintain site security, as hacking can and does happen a LOT (in 2012, over 170,000 WordPress blogs were hacked) and the downtime to fix it could potentially damage your business and/or your business' reputation.
So... Will my WordPress site get hacked?
Easy answer: It could, but it doesn't have to.
It mostly depends on your site's level of security. Think of your website as a castle. To secure it, you need to fortify it with a wall, perhaps a moat, armed guard, and so on. There are lots of measures you can take to bolster your site's security. Here are our Big Three.
3 Easy Steps to Secure Your WordPress Website
1. Regular Updates
Update WordPress, themes, and plugins regularly*. These things are always evolving to improve upon the performance and security of the previous versions. And by the time the updates are out, the security holes from previous versions have been made known to the public, making out-of-date sites especially vulnerable to hacking.
In 2014, WP WhiteSecurity reported the following information about hacked sites:
- 41% of hacked WordPress [sites] were hacked through a security vulnerability on their hosting platform
- 29% were hacked via a security issue in the WordPress Theme they were using
- 22% were hacked via a security issue in the WordPress Plugins they were using
- 8% were hacked because they had a weak password
Choose secure plugins. Anybody can put a plugin on WordPress, and some of them will make your site more vulnerable. A good rule of thumb when you're searching for a plugin on WordPress: make sure the "Last Updated" section is within the last six months.
Delete themes and plugins you aren't using, and don't overdo it on plugins. Too many plugins can also affect your site's speed and performance.
*If you host with Website Muscle, we perform plugin updates regularly. We use WP Engine for hosting, and they provide automatic WordPress updates and daily site backups.
2. Strong Passwords
This is a super easy way to add protection to your site. Rules of thumb for creating strong passwords:
- use special characters, numbers, and caps
- string 4+ random words together (source: WP Engine)
- do NOT use any personal information such as names or dates
3. WordPress-Specific Hosting
Your hosting provider is one of the most important determining factors of your site's security. We use and highly recommend WP Engine for WordPress site hosting. Here are just a few of the benefits of WP Engine:
- it's for WordPress sites only
- it runs firewalls to protect your site
- proactive, real-time security threat detection
- automatic site backups daily
- regular updates to WordPress
- if you still get hacked, they'll fix it for free!