13 Reasons Why WordPress Hacks are Successful

In the attacker’s world, all vulnerabilities and potential exploits work toward the hacker’s advantage — not yours, not mine. This includes WordPress hacks.

While living back east (over a decade ago), I was friends with several small business owners. One weekend morning, the owner of the local photography studio called me at 7 am and said: “I think I’ve been hacked.” I could hear the soft clicking of a keyboard in the background. Once he began describing the state of his hacked website — all those sweet clicking keyboard sounds erupted into a wild swarm of pissed off bees.

Meanwhile — still brain-fuddled and immensely groggy — I asked him a crucial question, “do you have a backup?” Dead silence ensued. I held my breath. Maybe he held his, too. After about ten seconds, he replied, “No, I do not have a backup.”

For the most part, WordPress hacks can be rather complicated, and if you don’t have a backup, a hacked site will make an adult wail like a baby.

13 WordPress Worst Security Practices

WordPress hacks happen all the time. Keeping your WordPress site safe from cybercriminals requires that you avoid plummeting into the froth of WordPress worst security practices. When a WordPress site broadcasts worst security practices, you can rest assured — the bad guys will always line up to listen.

WordPress worst security practices include:

1. Minimal or no WordPress maintenance (not updating core, plugin, and themes).
2. Not backing up the database and files.
3. Lack of malware checks, security scans, security plugins (or services) and security monitoring.
4. Failure to limit login attempts.
5. Failure to use sitewide SSL.
6. The use of weak passwords.
7. Using the default user admin account instead of using a custom name.
8. Adding too many admins (use caution when giving user privileges).
9. (Read more...)