You work hard to make your site awesome. And with all that work you put in, the last thing you want to do is lose your site to some malicious hacker. When it comes to hackers and WordPress, plugin vulnerabilities are one of the easiest ways for the bad guys to get in.
Because of its popularity, WordPress is a magnet for hackers. According to Sucuri’s Q1 2016 Website Hacked Trend Report, 78% of the hacked websites they deal with were running WordPress. And based on a survey from WordFence, 55.9% of WordPress hacks with known entry points were a result of plugin vulnerabilities. This makes plugins by far the biggest known contributor to hacked WordPress sites.
In this post, I’ll take a good hard look at some proactive steps you can take to prevent your site from becoming vulnerable to plugin exploits.
Why Do Hackers Want Access to Your WordPress Site?
If you’ve never been hacked, you may wonder what it is that makes hackers so interested in your WordPress site. For me, it was so that they could redirect my visitors to sketchy pharmaceutical sites. But that’s not the only reason they might want in.
But before I get to those other reasons, let’s start with something to make you feel a little better. It’s probably not personal. Most hackers are simply trolling for known vulnerabilities. These are typically crimes of opportunity, not passion.
Once they find a vulnerable target, they pounce in a few ways:
- Injecting links to artificially boost their sites’ SEO.
- Redirecting your visitors to different sites. The nasty redirects don’t affect you – so you might never know until you see your stats disappear.
- Installing malware on your visitors’ computers.
- Stealing your server resources for spam emails, DDoS attacks, or other nefarious purposes.
You don’t have to be a victim, though. Shoring up plugins as a vulnerability vector, as well as implementing other basic WordPress security tips, can protect you from most of these attacks. And you can keep your site humming along smoothly.
How to Mitigate Security Issues With Plugins
While it’s always possible for something to slip through the cracks, following these plugin security best practices will go a long way toward keeping your WordPress site safe.