WordPress is the most commonly used blog engine. It is free to use and open source, and it is used mainly to run websites, blogs and webshops. If you want a great website in the blink of an eye, one you can keep developing as your needs change, you have found the best solution.
Why is it a blessing?
- As it gets more and more successful, the number of developers and supporters grows proportionately. They constantly look for bugs and vulnerabilities, report them and fix them.
- It is easy to use, so laymen can also have a nicely designed, stylish website that suits their taste, whether it is a business or a personal website.
- Installation takes less than 5 minutes. Besides this, thousands of templates (supplementary programs) are available to highlight and enhance the website.
Why a curse?
- As it is free to use, it soon gained popularity, which means it became a well-known target of attacks. We advise you to review your settings while setting it up; this way you can prevent a wide range of attacks.
- E.g.: It is worth changing the database prefix from the WordPress preset. You should not use "admin" as your username, because hackers will try this option first in the cracking process. The password should be long and strong enough. It is worth generating the password with a program.
WordPress and targeted attacks
WP contains a TrackBack/PingBack function which aims to notify all of the linked blogs when a new article is published. WP users should disable this function, because hackers can start a DDoS attack if they connect the WordPress site to a botnet. This way, the website becomes a zombie and remains available for the hacker to initiate pingbacks towards the target server, bringing it down.
In order to avoid brute-force attacks against your website, it is advantageous to use the Limit Login Attempts plug-in, which limits the number of login attempts. If someone tries to log into the account several times and reaches the set limit, the IP will be blocked and won't be able to access the WordPress site again. The brute-force attack is increasingly dangerous, because it can even paralyze the website.
As a wide range of official and unofficial plugins are available for WordPress users, it is almost inevitable that you will install one that has vulnerabilities and security gaps which can be easily exploited by hackers.
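A server-side check for the two patterns described above (repeated POSTs to the login page and to the XML-RPC endpoint that serves pingbacks), as an added example that is not BitNinja's or the Limit Login Attempts plug-in's own code. It assumes access logs in Combined Log Format in chronological order; the threshold, the time window and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
WATCHED = {"/wp-login.php": "login", "/xmlrpc.php": "xmlrpc"}

def find_offenders(lines, limit=4, window=timedelta(minutes=5)):
    """Return {(ip, kind)} for clients that send more than `limit` POSTs to a
    watched endpoint within `window`. Both thresholds are assumed values."""
    recent = defaultdict(deque)  # (ip, kind) -> timestamps still inside the window
    offenders = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a plain page view
        kind = WATCHED.get(m["path"].split("?", 1)[0])
        if kind is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(m["ip"], kind)]
        q.append(ts)
        while ts - q[0] > window:  # forget requests older than the window
            q.popleft()
        if len(q) > limit:
            offenders.add((m["ip"], kind))
    return offenders

def make_line(ip, minute, second, path, method="POST"):
    # Helper that builds one constructed log line (not real traffic).
    return (f'{ip} - - [10/Mar/2024:12:{minute:02d}:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample log using documentation-only IP ranges.
SAMPLE_LOG = (
    [make_line("203.0.113.7", 0, s, "/wp-login.php") for s in range(0, 12, 2)]  # 6 logins in 10 s
    + [make_line("198.51.100.23", 0, s, "/xmlrpc.php") for s in range(20, 30)]  # 10 XML-RPC POSTs
    + [make_line("192.0.2.10", m, 0, "/wp-login.php") for m in (1, 9, 17)]      # ordinary user
    + [make_line("192.0.2.10", 20, 0, "/wp-login.php", method="GET")]           # page view only
)

if __name__ == "__main__":
    print(sorted(find_offenders(SAMPLE_LOG)))
```

The returned (IP, endpoint) pairs are candidates for blocking at the firewall or web server, which also protects sites on the same host that do not have a login-limiting plug-in installed.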
Let the curse be a blessing
Unfortunately, many WordPress users run the service with the automatic functions, do not pay enough attention to choosing a proper username/password pair, and do not use the plugins that would make their websites more secure. Moreover, we cannot emphasize enough the significance of regular updates. If you disregard the security patches, even shared webhosting servers can be cracked, where hackers can deface dozens of websites, causing huge financial damage and an extreme drop in traffic. If you would like to turn this curse into a blessing, use BitNinja, which defends your server from all of the above-mentioned attacks. Being a webhosting company comes with a whole army of responsibilities towards the users; that is why we recommend protecting both our own servers and our customers' servers proactively with BitNinja.