With a worldwide adoption of 40%, WordPress is by far the most popular CMS, which is certainly due to its swift and uncomplicated installation procedure, but also to the seemingly endless number of Themes for any kind of possible applications.
Unfortunately, the most popular CMS has to ward off the most attacks. It is pretty comparable to Windows-PCs and Apple computers. Just because of a market share of far more than 90% of all PCs worldwide, the Windows-PCs are targeted by the concentrated criminal energy – hidden in emails and websites – in the form of Phishing, Keytrackers and other malware, while Apple users remain relatively spared. It is simply not worth it to code malicious software for a small minority of Apple users.
Each website operator, whether of a company, of an organization or as a Blogger has certainly heard of crashed websites due to overloads caused by DDoS-Attacks (Distributed Denial of Service) or Brute-Force-Attacks (username/password hacks) caused by using so-called Botnets. In this context, WordPress appears with markedly regularity in the relevant off- and online media, and appears to be supposedly unsafe.
Don’t allow yourself to be led astray! There is no secure CMS and none is more secure than others. Each of them have relevant weaknesses in the usual suspected areas, which are the targets for attackers. WordPress just seems to be insecure, because of its wide spread usage and high popularity and therefore it is much more often attacked than e.g. Drupal, TYPO3 or Joomla. But this might even be an advantage, because it forces the WordPress-Development-Team to work significantly harder than the others in keeping their product safe. Anyway, the short time between the Security-Update releases might be a proof for it.
Generally speaking, all Webmasters are concerned about the structure, visual attractiveness and the effectiveness of their SEO measures of their website. Also, how to increase their affiliate conversions. But hardly anyone spends enough time to ensure his CMS as far as possible and maintain its security. But it isn’t very difficult, because there are just a few significant measures required to render mass attacks futile.
In many cases of security breaches, vulnerabilities are mainly self-inflicted. At first, for example, there is the username, which is ‘admin’ when WordPress was freshly installed, but it is rarely changed later on. Then, in creating a password, which is often the name of a friend or family member, the website is left widely open to abuse.
Both, username and password should always consist of so-called ‘cryptic’ words, such as
=6wsfUk2d?3Axl&R25r7YecI§W)N
Passwords like this don’t make any sense and therefore they are near impossible to guess. Add to that a few special characters like ?)&%$ with sufficient length – as in the above example with 28 characters – will make the password very safe and if so, probably only breakable by the NSA, which probably has the most computer power worldwide.
Furthermore, there are several other measures one could employ, such as simply implementing a few lines of code at some crucial points. Also, with the help of some effectively working Plugins, most of the attacks will be repelled.
STUDIO GRAVES is already implementing such measures in a new WordPress installation – but it is also quite possible to seal such security breaches subsequently on already existing WordPress websites.
All this refers to the endless mass of indiscriminate attacks that have randomly chosen your website.
If there are real security threats to your website by malign individuals who possess the knowledge and the technical ability, they will probably be successful sooner or later. Since websites consist of nothing but code – which is unfortunate nowadays – it will always be breakable at some points in time.
Therefore, STUDIO GRAVES can not assume any guarantee.