What makes people hack websites? Often it’s for personal gain. In one recent case, however, it was an employee’s personal revenge against their employer, who just happened to provide WordPress plug-ins. Hapless businesses using the plug-in were caught in the crossfire.
There’s no way to tell whether your site will be the next one caught up in WordPress security issues. But there is something you can do to be prepared.
Although statistics show that WordPress sites are among the most commonly attacked sites, that’s not due to a flaw in the core software of the platform. It’s just that the vast majority of website owners use WordPress as their CMS of choice.
More sites on the platform means more opportunities for hackers to target multiple victims without having to do more work.
So if it’s not the CMS installation itself that tends to be vulnerable to attacks, then what is it?
According to the Computer Business Review news article, “WordPress plug-ins are widely regarded to be one of the single greatest security threats to WordPress users.” Plug-ins are not regulated by WordPress, which is open-source software. Every single plug-in you install could come from a different developer.
So your only remedy is to research every plug-in you use on your site, and its developer. Make sure you can trust the company developing your plug-ins. After all, your company’s reputation depends on it.
And that’s not just when you first install them. Previously dedicated developers have been known to drop a plug-in and stop maintaining it. When that happens, security patches stop being released, and a formerly safe plug-in can become a window of opportunity for hackers.
It’s hard to know where your own vulnerabilities lie. Getting a security audit from an external company ensures that potential security issues with WordPress get investigated - even those you never thought of.