How to protect your site against WordPress hacking

Do you use WordPress as your website’s content management system (CMS)? You are far from alone: it is the most popular CMS on the market, used by more sites than every other CMS combined.

A diagram from Web Technology Surveys shows a daily update of WordPress’ market position compared to other popular open source systems. Take a look at the chart for today, March 21 – the graph shows ranking by number of sites using the CMS and the popularity of those sites.


So what does it mean if you are using the web’s most popular CMS? There’s good news and bad news. The good news is you can be confident it will be supported for a long time to come. Third-party developers will continue to build extensions and plugins that make the tool more useful to you and more customizable to your needs, and WordPress itself will keep receiving version updates containing user interface improvements and security patches. The bad news is that it’s also a huge target for hackers.

A good rule of thumb when trying to predict malicious activity on the web is that hackers follow the users. That’s why Microsoft Windows has historically been targeted by malware while Mac OS X has been relatively unscathed (though this has become less true recently), and why the most popular web browsers are the ones hit by attacks. Hackers want to cast their nets as widely as possible, so they spend their time finding flaws in the software with the most users. This is the case with WordPress, which is constantly probed by attackers looking for known vulnerabilities that administrators have left unpatched; the attacker rarely needs a new exploit when an old one still works against an out-of-date install. An investigation by WP WhiteSecurity in September of last year estimated that 73 per cent of WordPress sites suffered from a vulnerability, so the chances are your WordPress site is open to attack.

Ryan Dube wouldn’t be surprised to hear any of this. His outdated installation of WordPress was hacked back in 2011. Thankfully, he has learned from his mistakes, found some very practical ways to prevent it from happening again, and is sharing them with the rest of us. His post describes using Detectify, a scanning service that looks for security gaps in your WordPress site, and gives a step-by-step walkthrough of how to set it up and run it against your site.

Given the results Dube presents, you may be surprised by what you find. For example, Dube was convinced he had avoided publishing any email addresses on his site, in order to avoid spam. But Detectify found several addresses published in plain text.
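Two of the things a scanner such as Detectify reports on, an out-of-date WordPress core that advertises its version and e-mail addresses sitting in the page source, are easy to check for yourself before paying for a service. The following script is an added example written for this page; it is not code from Detectify or from Dube's post. It runs offline against a constructed sample of a WordPress front page, reads the version from the `<meta name="generator">` tag (falling back to the `?ver=` query strings WordPress appends to its assets), compares it against an assumed "latest" version, and lists every address a crawler could harvest from text or `mailto:` links. The sample HTML, the `example.com` addresses and the `ASSUMED_LATEST` value are all assumptions for the illustration.

```python
"""Offline checks for two common WordPress disclosures: leaked core version and
plain-text e-mail addresses. Added example for this article, not Detectify code."""
import re
from html.parser import HTMLParser

# Constructed sample: a stripped-down WordPress front page, not a real site.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="stylesheet" href="/wp-content/themes/twentytwelve/style.css?ver=3.5.1" />
</head><body>
<p>Contact: webmaster@example.com or <a href="mailto:sales@example.com">sales</a></p>
<p>Obfuscated: editor [at] example [dot] com</p>
</body></html>"""

# Assumed current release for the illustration. In practice fetch the real value
# from the WordPress release announcements rather than hard-coding it.
ASSUMED_LATEST = "3.8.1"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class PageParser(HTMLParser):
    """Collects <meta name="generator"> values, mailto: targets and text nodes."""

    def __init__(self):
        super().__init__()
        self.generators = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator" and a.get("content"):
            self.generators.append(a["content"])
        href = a.get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.text.append(href[len("mailto:"):])

    def handle_data(self, data):
        self.text.append(data)


def parse_version(s):
    """'WordPress 3.5.1' -> (3, 5, 1); '3.6' -> (3, 6, 0); None if no version present."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def find_wordpress_version(html):
    """Return the WordPress version the page leaks, or None if it leaks nothing."""
    p = PageParser()
    p.feed(html)
    for g in p.generators:
        if "wordpress" in g.lower():
            return parse_version(g)
    # Fallback: WordPress appends ?ver=<core version> to its own stylesheet/script URLs.
    m = re.search(r"\?ver=(\d+\.\d+(?:\.\d+)?)", html)
    return parse_version(m.group(1)) if m else None


def find_plaintext_emails(html):
    """Return the set of addresses a harvester could read from text or mailto: links."""
    p = PageParser()
    p.feed(html)
    found = set()
    for chunk in p.text:
        found.update(EMAIL_RE.findall(chunk))
    return found


def audit(html, latest=ASSUMED_LATEST):
    """Summarise findings as one line each, roughly as a scanner report would."""
    findings = []
    version = find_wordpress_version(html)
    if version is not None:
        findings.append("version disclosed: %s" % ".".join(map(str, version)))
        if version < parse_version(latest):
            findings.append("core outdated (latest assumed %s)" % latest)
    for addr in sorted(find_plaintext_emails(html)):
        findings.append("e-mail exposed: " + addr)
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_HTML):
        print(line)
```

Note that the "[at] ... [dot]" address in the sample is deliberately not matched: that is the point of obfuscating it, and it is the kind of gap Dube thought he had closed everywhere until the scanner showed him the addresses he had missed.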

Brian Jackson
Editorial director of IT World Canada. Covering technology as it applies to business users. Multiple COPA award winner and now judge. Paddles a canoe as much as possible.
