How to: Security for WordPress

First of all, when it comes to “cyber security” issues, there is never a final solution or guaranteed security. Instead, the net is a constant rat race between those who want to keep what is theirs and those who want to take it. No sooner have you (supposedly) solved one problem than the next one is already at the door. This is one of the irrefutable foundations of the web.

Likewise, someone will always try to abuse your site for something. This can be a direct attack because someone is interested in your data, passwords or other things. It is at least as unpleasant, however, if someone wants to abuse your site as a means of transport, as a platform, again in order to cheat or steal something from the users of your page. Whatever the motivation, it’s never a good thing.

One more thing up front: WordPress has become the world’s largest and most important CMS. Accordingly, it is a popular attack target. While much of this “how to” refers to WordPress, it is basically just as valid for other content management systems.



Why me?

Why does a hacker choose my site for an attack? Good question. What many do not know: maybe the attackers were not after you in particular. Instead, they are trying to infect tons of websites with a few nasty tools. These tools automatically attack websites that have not closed certain security holes. Once a site is infected, it distributes malware (malicious software such as viruses or Trojans) to its visitors, for example, or is abused for sending spam.

A program like WordPress, with its dominant market share, is an especially popular target of hacker attacks. On top of that come the plug-ins, which is why you should be careful about everything else you install. Install only as many themes and plug-ins as you need for daily operation. The comment section is also susceptible. WordPress allows only a few HTML tags in comments, but this has always been enough for hackers to attack sites.

Test your page!

You do not necessarily recognize a hacker attack immediately. A good early warning system is sites that check your URL. Since many associate such a check with the offer to work for you, I give no explicit recommendation here. But if you search for the appropriate terms, you will find plenty of such pages. It’s a bit like a check-up at the doctor’s. Normally, nothing alarming turns up.

What are the consequences of being hacked?

This varies from case to case. The only certainty is that you will have a lot of trouble on your hands, above all because the effect on your public image is disastrous. If dubious advertisements suddenly appear on your page or, worse still, your site is used to infect others with malware, that is very unpleasant, to say the least. It is not good for your reputation either.

A bit off-topic, yet a mixture of bizarre and funny: Here you can see what’s behind scam advertising. Once you have seen that, you will have every interest in making sure it does not happen in your own environment.

It gets worse when you land on blacklists. If this happens with Google, for example, your page will be dropped from all search results. What that means, you can easily figure out yourself. You can ask Google to list your page again after a successful cleanup. But even if that works, there is no guarantee that you will get your old ranking back.

Other possible consequences: data theft or the site becoming unusable.

Is there protection?

Security plug-ins are basically a good thing for WordPress users. They promise protection against hacker attacks, which can by now come in through a wide variety of entry points. Nevertheless, they give no guarantee. Ideally, then, the work is done manually, either by someone in the company who is able to do it or through external providers, of which there are now quite a few. Of course they are not free. But see above: the consequential cost of a hacker attack can be significantly higher.
