WordPress is the world’s most used tool for building websites. There are thousands of themes and plugins for WordPress that provide a wide range of functionality and appearance.
The large number of WordPress pages also makes it a target for hackers that are looking for poorly protected pages and they take over and exploit as they please. If you have been subjected to an intrusion it is important that the page is meanwhile closed while cleaning the page. This makes it impossible for the malicious code to run and do more harm. Please contact support@loopia.com for more assistance with the website.
To intrude hackers often exploit vulnerabilities and weak passwords. You can read more about this here.
The security company WordFence made a survey in 2016 to find out what the main reason for the intrusion was. The survey was conducted with a questionnaire addressed by about a thousand people who had been subjected to an intrusion. The results of the WordFences survey are clear and we see the same trends for those pages where intrusion occurs on Loopia. In principle all security holes have some of the following points.
Luckily you can easily secure the WordPress page on all of these points relatively easily. You can read here more about the actions you can take to secure the WordPress page.
If you have had an intrusion the perpetrators have most likely put in harmful codes on the page. To handle this you can click this guide.
Security hole in plugins
The most common reason for intrusion is the security holes found in the plugins used on the website. In more than 50% of the pages this has been the way the intruders have recovered. Fortunately you can easily minimize this risk using these two steps:
- Update always the plugins.
- Do not use outdated plugins where the security update will not be created. This can be seen where you installed the plugin or here to see when the plugin was last updated.
Brute force attack
Brute force is when someone chases on the password by testing more common and unusual combinations. This method also accounted for a large part of intrusion by over 15%. This can protect you against using secure passwords. You can also make your user information more secure against this kind of attack with the help of various security extensions.
Security holes in WordPress and themes
Just as it’s important to keep plugins updated it’s also important to keep WordPress and plugins that has been installed updated. Together these are for more than one time signing.