Small businesses’ websites were attacked an average of 44 times per day during the last three months of 2017. That is what security researchers at SiteLockdiscovered when they analyzed 6 million websites in an effort to identify trends in hacked websites. One trend they found was that websites built using content management system (CMS) applications are at medium to high risk of being attacked.
WordPress is the most popular CMS application, according to market share statistics. Its popularity is largely due to the fact that it is free yet full featured. Because it is so widely used, the sites built with it are frequently targeted by cybercriminals. Here is what you can do to make your business’s website harder to hack if it is built on the WordPress platform.
Keep the Number of Plugins to a Minimum
WordPress offers many free plugins that you can use to enhance your website’s functionality. However, each plugin you use increases your website’s attack surface. The SiteLock researchers discovered that WordPress sites running 20 or more plugins were four times more likely to be infected with malware. Therefore, it is best to keep the number of plugins to a minimum. You should only install the plugins necessary to keep your website secure and operating the way you want.
When you need to add a plugin, it is important to do some research before installing it. Make sure it does not have a lot of security issues or other types of problems reported in its support forum. In addition, verify that the developer frequently updates the plugin.
Use Simple Themes
Themes let you customize how the pages in your WordPress site look and feel. The SiteLock researchers found that complex themes put websites at higher risk for attacks, so you might want to stick with simpler ones.
You should only install themes from reputable sources, such as the WordPress.org Theme Directory(they are reviewed) or well-known vendors. Avoid the temptation of installing free themes from unfamiliar sources, especially if they are free versions of themes you usually have to pay for. They might be from cybercriminals who have inserted malicious code into them.
Update the Core Software, Plugins, and Themes
Hackers like to exploit vulnerabilities in applications, so it is important to apply the updates that WordPress issues for its core software. These updates often patch newly discovered security vulnerabilities in addition to installing new features and enhancements.
It is equally important to apply updates released for plugins and themes. Updating the WordPress core application without updating plugins and themes is not adequate protection from hackers. If you are using a plugin or theme that has not been updated in a while, consider looking for one that is better maintained.
Finally, you should make sure that your hosting service is regularly updating its infrastructure and keeping its security measures up-to-date.
Not the Only Measures You Can Take
Minimizing the number of plugins, keeping themes simple, and making sure updates are installed are effective ways to make your WordPress site harder to hack. There are many other measures you can take, though, such as implementing a two-step verification system. We can help you develop a comprehensive strategy to secure your WordPress site.