WordPress - An easy target for hackers, but why?

WordPress is a highly recommended platform for creating websites and blogs. It is an easy target for hackers because coders are often unaware of the common mistakes made when coding and setting up a site.

Outdated plugins and themes are the main cause of its insecurity, for example through SQL injection. An SQL query is a trusted command, and that is also its drawback: it can give an attacker the ability to run system-level commands, and sometimes SQL queries allow access to the host to make changes in the admin panel and expose hidden data. The attacker alters an existing SQL command to gain access to the admin panel.

Here are some points that show how easy it is for an attacker to target a WordPress site.

  1. When you access your admin pages over a connection without HTTPS (no SSL web server certificate), the username and password travel in clear text over the internet and can be stolen. Most coders use the username “admin”. This is a big mistake; rename the account, for example (UPDATE wp_users SET user_login = 'Yourname_admin' WHERE user_login = 'admin';). The password should also be stronger than a single word: it should be a phrase or a sentence.
  2. You must secure your computer. An unsecured computer is an easy target, so follow these instructions to secure yours:
     1. Keep your OS and all programs updated
     2. Install anti-virus software
     3. Use personal firewalls
     4. Open sites via HTTPS whenever possible
     5. Use SSH or SFTP instead of FTP

 

  3. Vulnerable server software. Here are some weaknesses that allow attackers to attack your site; check them and update your software:

     - PHP-CGI vulnerability – versions before 5.3.12/5.4.2
     - MySQL/MariaDB vulnerability – versions before 5.5.25
     - Apache Range header DoS – versions before 2.2.2

     To address these:

     - Update server software
     - Follow security bulletins
     - Hire professional sysadmins

 

 

  4. Wrong permissions and poor isolation are also a cause of WordPress sites being hacked. The correct permissions are:

     - Folders: 755
     - Files: 644
     - wp-config.php: 444

 

  5. Routers can access clear-text data sent over the internet. Depending on the geographical location of your computer and the web server, your data passes through more than 20 devices before it reaches its destination. If this data is in clear text, it is easy for a hacker to tap into one of these devices and capture it. The hacker can then easily see your username and password, as explained before.

 

  6. Guidelines for a secure WordPress website:
     1. Use secret keys from http://api.wordpress.org/secret-key/1.1/salt. Secret keys help with security.
     2. Move wp-config.php to the parent folder. This also helps with security.
     3. Use SSL for wp-login.php. It helps keep attackers out of the admin page.
     4. Allow admin access only from certain IPs, so that no other IP can access your protected pages.

 

  7. Apache symlink vulnerability. The problem is: public_html/fred.txt → /home/otheracct/public_html/wp-config.php

     The solution is to add this to the httpd.conf or .htaccess file: SymLinksIfOwnerMatch
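The permissions listed above (folders 755, files 644, wp-config.php 444) and the symlink pattern shown above can be checked with a short script. This is an added example, not part of the original article; the function name `audit_wp_tree` and the path you pass to it are assumptions, and the symlink check flags links that resolve outside the tree rather than comparing owners as SymLinksIfOwnerMatch does.

```shell
#!/bin/sh
# Added example: audit a WordPress directory tree.
# Usage (path is an assumption): audit_wp_tree /var/www/html
# Prints one line per finding; returns 0 if clean, 1 if anything was found.

audit_wp_tree() {
    # Resolve the tree root to a physical path so symlink targets compare cleanly.
    root=$(cd -- "$1" && pwd -P) || return 2

    report=$(
        # Folders must be exactly 755.
        find "$root" -type d ! -perm 755 | sed 's/^/DIR_MODE  /'

        # Regular files must be exactly 644, except wp-config.php.
        find "$root" -type f ! -name wp-config.php ! -perm 644 | sed 's/^/FILE_MODE /'

        # wp-config.php must be exactly 444 (read-only for everyone).
        find "$root" -type f -name wp-config.php ! -perm 444 | sed 's/^/WPCONFIG  /'

        # Symlinks whose target lies outside the tree, such as
        # fred.txt -> /home/otheracct/public_html/wp-config.php
        find "$root" -type l | while IFS= read -r link; do
            target=$(readlink -f "$link" 2>/dev/null) || target=
            case "$target" in
                "$root"|"$root"/*) ;;   # target stays inside the tree
                *) printf 'SYMLINK   %s -> %s\n' "$link" "${target:-unresolved}" ;;
            esac
        done
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run it as the account that owns the site; file names containing newlines are not handled.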

Make sure to apply all updates completely, as an incomplete update leaves vulnerabilities. Even if you update 80 percent, vulnerabilities still remain in the WordPress website, which makes it easy for an attacker to access your site and make changes to it.