
WordPress Security remains important

WordPress security has become a big and important topic, mainly because WordPress now drives almost 30 percent of all websites and blogs. Even large portals often use WordPress in the background, so it is no wonder that the CMS has become the number one target over the years. The wide distribution brings clear advantages for hackers: on the one hand, WordPress can be attacked relatively easily in an automated way; on the other hand, a security hole that is found is not unique to one site, so millions of other blogs can be attacked as soon as a hole is found. True to the motto: we can get into any one of them. But how can you protect yourself? Time to get back to the topic of security.

The vulnerabilities in WordPress

The first question is where potential attackers actually start. This question is very easy to answer, because most of the time it is plugins that bring a security hole. This is quite paradoxical, because even so-called security plugins, which are supposed to provide more security, have been known in the past to have vulnerabilities. Security holes in plugins are generally hard to avoid, so every extension automatically becomes a potential vulnerability and, in the end, every plugin is a serious threat. But let's have a look at the top 5 attacks on WordPress that security companies have published in the past. The following top 5 vulnerabilities in WordPress result from these numbers.

[Infographic: Top 5 vulnerabilities in WordPress]

Plugins remain the biggest security risk

At the top of the list are the plugins. I've been saying this since my early days, but people still haven't understood it. The fact is: an unbelievable number of plugins in the official directory are outdated, almost half of them, as a matter of fact. In addition, around 10 percent of the most popular extensions have security holes or vulnerabilities, so this affects even the extensions that are most often maintained. Apart from that, almost any beginner can publish a WordPress plugin, so many plugins are not written cleanly and safely, but are rather as full of holes as a Swiss cheese. Plugins account for about 55 percent, because this is where most hacks are found, and through plugins it is possible to attack WordPress itself again and again. The extensions serve, so to speak, as an entrance door.

This is followed by simple brute force attacks. For example, if you don't protect your admin area with a .htpasswd, it is under constant attack. Automated systems try to log in with typical user names: "Admin", for example, but also names of authors, which can be found out relatively quickly with WordPress. WordPress itself is also insecure from time to time, with 10 percent, but WordPress is rather a small problem here; if you don't use old versions, the frequent updates mean there is little risk of being hacked. Themes and misconfigured servers are rarely the reason for a hack, but overloaded themes in particular are still a big security risk because they integrate functions similar to plugins. Nevertheless, themes are surprisingly rarely the weak point.

Security is a combination of many factors

All in all, you should not take the values too seriously, but they give an approximate overview of the typical problem areas of WordPress. All this is based on published statistics from the big security companies, which from time to time reveal facts and figures and show where exactly the weak points of WordPress are. But they also show that plugins, as mentioned again and again, can cause big problems, and they make clear once again that the absolute goal should be to use as few plugins as possible. Not only because of performance, but especially because of the big topic of WordPress security. And don't forget: security plugins for WordPress can also become a security breach, and it would not be the first time that something like this happened. In the end, security is an interaction of many factors.

About Christian

My name is Christian and I am co-founder of the platform fastWP. Here in the magazine I am responsible for the more "technical" topics but I like to write about SEO, which has been my passion for over 10 years now.
