Security issues with WordPress are a well-known problem, as a majority of WordPress sites and blogs are vulnerable to various forms of cyber-attack. This fact is especially troubling since one in five websites worldwide is now powered by the WordPress blogging software and content management system. Some IT security experts report that over 70% of sites hosted on this platform have some vulnerabilities, increasing the chances of information theft or the planting of malware on the affected site. A few of the most common security problems include SQL injection, easy access to sensitive backend files and administrator accounts that can be hacked too easily.

SQL Injection

WordPress uses Structured Query Language (SQL) databases to execute a number of tasks on the server side. In a SQL injection attack, hackers inject commands into the database that trigger specific database actions. This kind of action can reveal sensitive personal data or allow hackers to deface or modify a website’s content. Some similar types of hacks can trigger commands in PHP that push malware onto site visitors’ computers the next time they click on a link to the infected website. To prevent this kind of breach, site developers need to edit the site’s .htaccess file and change the rules that let many attacks of this kind through.

Access to Sensitive Files

WordPress files that need to be kept private include the install scripts, the “readme” file and various configuration files. Commands to secure these files are added to the same .htaccess file that developers use to block SQL injection attacks. Added commands need to block access to both the website server and to the WordPress installation itself.
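
As an added example (not from the original article), the fragment below shows the kind of .htaccess rules the two sections above describe: it denies web access to the configuration file, the readme file and the install script, and adds a coarse query-string filter against SQL injection. It assumes Apache 2.4 with mod_rewrite, an AllowOverride setting that permits these directives, and the standard WordPress file names wp-config.php, readme.html, license.txt and install.php, which the article does not name.

```apache
# Added example: .htaccess fragment for the WordPress document root.
# Assumes Apache 2.4 syntax ("Require all denied") and mod_rewrite.

# Configuration file: holds the database credentials and secret keys.
<Files "wp-config.php">
    Require all denied
</Files>

# Readme and license files: disclose the installed WordPress version.
<FilesMatch "^(readme\.html|license\.txt)$">
    Require all denied
</FilesMatch>

# Install script: not needed once the site has been set up.
# <Files> matches by file name, so this covers wp-admin/install.php.
<Files "install.php">
    Require all denied
</Files>

# .htaccess, .htpasswd and other ".ht" files: keep the rules themselves private.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Coarse filter: answer 403 when the raw query string carries common
    # SQL injection keywords. The match is case-insensitive and runs on the
    # undecoded query string, so "union+select" and "union%20select" both hit.
    # This narrows exposure only; it does not replace parameterized queries
    # in plugin and theme code. Check it against legitimate search traffic
    # before deploying, since the patterns can match ordinary words.
    RewriteCond %{QUERY_STRING} (union.*select|information_schema) [NC]
    RewriteRule ^ - [F,L]
</IfModule>
```

After deploying, requesting /wp-config.php, /readme.html and /wp-admin/install.php from a browser should each return 403 Forbidden.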

Vulnerable Admin Accounts

Current WordPress installations include a default admin account with the user name “admin.” Hackers often access this account by guessing passwords. The process for eliminating this vulnerability is easy; site owners simply need to create a new account with a new user name and administrative privileges. They can then delete the default admin account, significantly reducing the chances of hackers guessing both the new username and password.

These three security holes are among the most common ones leading to WordPress site breaches. Applying trusted security measures and being aware of continuing threats will strengthen a WordPress blog or website against the often-serious losses from this kind of data breach.