Securing your WordPress site against hacks
Ensuring that your website is protected against hackers is no longer a difficult task. With the fast growth of WordPress sites, protecting yourself from outside intrusion is very important, and is as simple as clicking the update button. WordPress is frequently updated with new feature sets and security patches that protect websites from hackers.
The newest WordPress release, version 3.5.1, fixed several security vulnerabilities that affected all previous versions of WordPress. This vulnerability allowed hackers to remotely scan WordPress sites to search for information that would allow them to deface your website, and upload spam advertisements onto your page. Many sites that are still running older versions of WordPress are at risk of falling prey to these types of attacks simply because their site has not been updated.
We advise all WordPress users to update their site as soon as possible to ensure your website remains in your control.
However, hackers are not simply limited to software vulnerabilities, they can sometimes exploit simple passwords to gain access to your website. In a blog post at KrebsOnSecurity.com, security researchers have found that some hackers have developed a series of botnets whose sole purpose is to brute force hack the common “admin” account by trying thousands of common passwords. Once the hacker cracks your password, they have full control to write code to the WordPress files and add the site to their botnet to infect other websites. This is why we recommend our clients change the default username for the WordPress admin account, and/or use very complex passwords.
For more information on the latest WordPress bug fix and security patch, please visit WordPress.org.