WordPress is an open source content management system (CMS) based on PHP and MySQL. It is host to a lot of the world’s blogs and websites; supporting more than 60 million websites, it is the most popular web host. It was released on May 27, 2003, by its founders, Matt Mullenweg and Mike Little, as a fork of b2/cafelog. WordPress is released under the GPLv2 (or later) license.
POSSIBLE ATTACKS ON WORDPRESS AND HOW TO PREVENT THEM
Brute force attacks are aimed at getting access to someone’s WordPress page by trying different combinations of words and numbers in order to guess the login details. They are normally carried out by bots, and according to Wordfence (WordPress’s security website) this is one of the most commonly carried out attacks. It is an attack on the weakest part of any website: you. Besides gaining access to the website, the attack can also affect a website by making the server run out of memory. This happens because of the number of HTTP requests sent to the server within a very short time.
HOW TO PREVENT BRUTE FORCE ATTACKS.
Use Strong Passwords:
The importance of strong and unpredictable passwords cannot be overemphasized. Passwords like “password”, “admin” or “pa55word” are easily guessed. Passwords should not contain your name or anything related to your page, and your password should not be a dictionary word, or your website will be hacked in no time. A good password should have a good length (10 characters is fine), should be alphanumeric and should contain symbols. A password manager should be used if possible.
Two Factor Authentication (2FA):
In the event that your page gets compromised through brute force or any other means, 2FA provides an extra layer of security for you, which ensures that your page doesn’t get broken into easily. It requires not only a username and a password, but also something unique that only a particular user has access to. It could be a token, an OTP, etc.
CAPTCHA:
(Meaning “Completely Automated Public Turing test to tell Computers and Humans Apart”.) CAPTCHAs help in slowing down brute force attacks, and they help reduce the number of spammers and bots accessing your page. If you don’t know where to find them or install them click here.
To know more about how to prevent brute force attacks click here.
Web hosting companies sometimes make mistakes that make them vulnerable, and sometimes it is the platform they are based on that has a vulnerability. Either way, their being vulnerable makes anyone who uses their service vulnerable as well. A way to avoid this is by picking a host that has a good reputation when it comes to security. For more info on how to choose a good host click here.
PLUGINS AND THEMES
Plugins and themes are some of the reasons why we love WordPress. There are tons of them, developed by tons of developers, but they also pose a security threat, because if any plugin or theme has a vulnerability, it could be used to attack all the pages that use that plugin or theme. I’m not saying that we should avoid them, but we should use as few as possible and only what we need. There is no point keeping a plugin that is not being used; it only increases the number of places attackers can attack from. We should also make sure that our themes and plugins are always updated and still supported by the developer, because an outdated and unsupported plugin or theme just screams “attack me”.
Keeping WordPress safe is relatively easy and just requires a little work from the admin. The developers have already done most of the work; all we have to do is the extra, not so hard work to keep it safe.