Thanks to its ease of use and customizability, WordPress is the most popular open source CMS platform in the world. However, the plugins that allow users to easily add features also carry a risk: Sites with 20 or more plugins were nearly three times more likely to have malware. Malware attacks can damage your site’s reputation and cost you money, especially if your site is taken offline or removed from search results. Knowing how to evaluate plugins effectively and use them safely allows you to maintain the functionality of your site without sacrificing security.
As the digital workforce continues to expand, more people are dependent on public WiFi than ever before. Whether it’s the local coffee shop or co-working space, the availability of an internet connection wherever we go has helped foster a growing segment of remote employees.
However, that convenience can come with a potentially hefty price if you’re not focused on staying secure when connecting to third-party WiFi signals. In this post, we’ll discuss the best practices for keeping yourself, and your private data, secure when connecting to public WiFi.
Is Public WiFi Safe?
The short answer is no.
WordPress is an open-source content management system that uses a number of programming languages to run. One of those languages is PHP.
Your PHP Version is Important
PHP is an open-source programming language that WordPress uses to run internal functions and process database information. It is installed directly on your web server and managed by your web host. PHP is a living project and, like WordPress, is constantly being updated and patched for bugs and security vulnerabilities. Newer PHP versions fix these vulnerabilities and optimize the processing and delivery of your website content.
Last week WordPress released version 4.9.7, a maintenance and security update. This update addresses a recently discovered security vulnerability, as well as 17 additional bug fixes. WordPress disclosed that versions 4.9.6 and earlier are affected by a security vulnerability that allows files outside of the /wp-content/uploads directory to be deleted. This could potentially allow users created by malware to delete files necessary to the core functionality of WordPress.
Ding ding ding! The bell just rang, and the match has begun. In one corner of the ring stands your WordPress website, flexing 15 plugins, a custom theme, and a brand-new layout designed to attract more visitors. In the opposite corner is a snarling cybercriminal, with an undefeated record in defacements and a two-time championship belt in malware infections. Is your website prepared to fight back?
In today’s threat landscape, cybercriminals are increasingly attacking WordPress websites. In fact, the average website experiences 44 attacks per day, and WordPress websites are two times more likely to be compromised than non-WordPress sites. As a website owner, it’s time to get off the mat and fight back!
Brought to you by SiteLock, Ask the Expert is our new Q&A series where we learn from industry innovators, thought leaders, and entrepreneurs about how they’re influencing their field. Throughout this series, you’ll find our interviewees share one commonality: they’re passionate about open-source content management systems (CMS), like WordPress, Joomla! and Drupal. Join us as we dive into a variety of subjects, including social media, blogging and website security.
Many individual and small company forays on the web are through WordPress on shared hosting accounts, and it’s not uncommon for a shared hosting account to hold multiple WordPress sites as needs and business grow. Site owners maintain each and every WordPress install, managing content, configuration, users and updates. At least they should. Maintaining multiple sites in a single shared hosting account is time-consuming and, as we’ll see, risky as each site on the account is a point of access that has to be secured.
A recent article reported that WordPress.com is moving to enable HTTPS by default on all of its 600,000 hosted sites. This is a huge security win for WordPress users and the Internet at large. It sets a high security bar for other entities to strive for, and of course helps protect users and visitors from prying eyes.
If you’re a WordPress.com user, one way to take advantage of WordPress’s exemplary efforts is to go further and enhance the security of your WP.com site with protection services.
CDNs are great for WordPress sites because much of the post content is static and can easily be cached and served by a CDN. With visitors receiving cached content from the closest CDN data center, origin server load decreases, allowing sites to load faster for site visitors. At the same time, serving a site from multiple data centers makes the origin server more robust. A fortuitous spike in traffic won’t take a site down as the data centers handle the increased load.
Visit wpdistrict.sitelock.com for the full story.
While reviewing malware, the SiteLock Research Team detected suspicious code in a WordPress plugin. We reviewed the suspicious code and found the plugin wasn’t malicious per se, though it was potentially vulnerable to attack. We will discuss the plugin and analyze its unique authentication issues, and then discuss mitigation and the dangers of using unsupported plugins.
Visit wpdistrict.sitelock.com for the full story.