Over a third of websites (37%) are hosted on WordPress, making it the world’s most popular content management system (CMS). This includes everything from blogs to e-commerce sites that collect and process data protected under regulations like PCI DSS. While the popularity of the platform is good for WordPress, it is also good for cybercriminals.
Having a massive number of websites hosted on a single platform means that a vulnerability in the WordPress platform provides cybercriminals with access to a massive number of sites. The use of WordPress plugins and themes further expands the potential attack surface of WordPress-based sites.
This post describes eight of the best WordPress security plugins. Many of these plugins have both free and premium offerings with a wide range of features that help to close many of the common attack vectors used by cybercriminals. Installing even one of the free options can dramatically improve the security of a WordPress site.
1. Wordfence
Wordfence is one of the most popular WordPress security plugins. It offers a number of features that help protect a site against attack and recover from a successful one, such as:
- Protecting against use of passwords exposed in data leaks
- Real-time traffic monitoring and analytics
- Automated blocking of suspicious/malicious traffic and known malicious IP addresses
- Two-factor authentication support to protect against attacks leveraging compromised passwords
- Source code change monitoring to help identify and reverse malicious file edits after an attack
Wordfence also offers a premium version of the plugin, which provides real-time updates of IP blocklists, firewall rules, and malware signatures. Additionally, premium users have access to improved support services and website reputation checking services.
2. BulletProof Security
BulletProof Security is a WordPress security plugin that boasts a number (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/-7QIARuBb-0/