WordPress is a very easy-to-use, powerful CMS, and therefore tons of people use it to manage their sites. With such success, it has become a target for lots of (black hat) hackers who are continuously working to break into other people’s sites and use them for illegal purposes (hijacking, scamming, phishing and many others).
As soon as a WordPress vulnerability is discovered, these hackers will immediately try to exploit it.
WordPress developers do great work fixing these vulnerabilities through new, improved versions.
But, quite obviously, you need to stay current to stay protected. I’ve seen big companies fall victim to vulnerabilities just because they didn’t keep their WordPress site current (sometimes because the developer didn’t even offer maintenance).
To give you a hint of the volume of attacks on a blog, this modest blog got 3,675 login attempts just last month.
In this second chapter of recommendations, our thumbs up goes to Wordfence.
This plugin does some basic, yet powerful, WordPress site protection. Among others:
- It hides the WordPress version (googled by hackers to find their next victims)
- Hides some tags that hackers can benefit from
- Disables PHP error reporting to non-admins
- Disables database error reporting
- (see the full list in the link above)
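To confirm on your own site that the version hiding listed above actually took effect, you can scan the HTML served to a logged-out visitor. This is an added example, not Wordfence's code; the sample page, the function name `find_version_leaks` and the two checks it runs (the generator meta tag and `ver=` on core asset URLs) are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
import re

# Constructed sample: a front page as an anonymous visitor would receive it.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
<script src="/wp-content/plugins/example-plugin/app.js?ver=1.3.0"></script>
<script src="/wp-includes/js/wp-embed.min.js"></script>
</head><body></body></html>"""


class _LeakFinder(HTMLParser):
    """Collects places where the page discloses the WordPress version."""

    def __init__(self):
        super().__init__()
        self.leaks = []  # list of (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # 1. <meta name="generator" content="WordPress x.y.z">
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.search(r"WordPress\s+([\d.]+)", a.get("content", ""), re.I)
            if m:
                self.leaks.append(("generator-meta", m.group(1)))
        # 2. ?ver= on core assets. Plugin and theme files carry their own
        #    version numbers, so only core paths are reported.
        url = a.get("src") or a.get("href")
        if tag in ("script", "link") and url:
            parsed = urlparse(url)
            if "/wp-includes/" in parsed.path or "/wp-admin/" in parsed.path:
                for ver in parse_qs(parsed.query).get("ver", []):
                    self.leaks.append(("core-asset-ver", f"{parsed.path} -> {ver}"))


def find_version_leaks(html):
    """Return every version disclosure found in one HTML document."""
    finder = _LeakFinder()
    finder.feed(html)
    finder.close()
    return finder.leaks


if __name__ == "__main__":
    for kind, detail in find_version_leaks(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

An empty result on your front page means these two disclosures are gone; it does not cover other places a version can appear, such as feeds or readme files.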
So, please remember:
- Keep your WordPress installation current (CMS, plugins, database and operating system)
- Always keep a backup of your site (both the code and databases) because the worst does happen. And keep it in a safe place (please, don’t just keep it on your host)
- Protect your site with this and other tools
- Use a secure password, and keep it in a safe place.
- Don’t think this is all there is to it; investigate the issue further.