Patching WordPress Security Holes

For any business with a modern outlook and an online presence, a premium site such as those offered by WordPress is a must. With high-quality WordPress themes it makes a business look professional, increases traffic and helps to spread the word.

Unfortunately, having a WordPress site brings with it a plethora of security concerns. It is necessary to be vigilant, to do regular checks and to use the tools available in order to keep hackers at bay and protect the financial future of the business. After all, by exploiting security holes in a site, a hacker can access bank account details and other sensitive information, possibly leading to a loss of money and even of the site itself until the damage can be repaired.

There are many types of hackers today including single human operators, single bots or even a botnet, which is a network of bots operating in tandem, sometimes in quite large groups. This article will outline some necessary steps to take in order to repair security holes in a WordPress site.

Basic Problem Areas
  • Passwords – This is one of the first errors to consider when it comes to security. Surprisingly, many continue to use passwords such as “password,” “1234567,” or other easily guessed character combinations. It is of vital importance to make passwords very difficult to guess, with complex strings of numbers and letters; it sometimes helps to choose a password only the site-holder could know. Even a password such as “Jane9999” is entirely too easy for a hacker to guess or to find through automated trial and error.
  • Usernames – A similar problem arises with usernames. Many use their own names, or easy choices such as “administrator.” Here again, it is of paramount importance to build a complex and obscure choice of username.
  • Unprotected Files – It helps to ensure that all files related to the site are password protected; this makes it much more difficult for critical information to be obtained from such documents.
  • Unsafe Computer or Server – The hardware and ISP technology used by a WordPress site owner can have an effect on the strength of security. It is important to choose a reputable and trustworthy ISP where sites sharing a server are kept separate and secure.
  • Other issues – Issues with file permissions, plugins, themes, old and outdated software, using default names on database prefixes, and more.
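
The file-permission and default database-prefix issues in the list above can be checked mechanically. The following Python script is an added example, not part of the original article; its function names, finding labels, sample directory and permission modes are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Stock WordPress setting in wp-config.php: $table_prefix = 'wp_';
DEFAULT_PREFIX = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]wp_['"]\s*;""", re.M)

def audit_wordpress(root):
    """Return sorted (finding, relative path) pairs for a WordPress directory."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            if DEFAULT_PREFIX.search(fh.read()):
                findings.append(("default-table-prefix", "wp-config.php"))
        # wp-config.php stores the database password; other local users
        # on a shared server should not be able to read it.
        if os.stat(config).st_mode & stat.S_IROTH:
            findings.append(("config-world-readable", "wp-config.php"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and os.stat(path).st_mode & stat.S_IWOTH:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append(("world-writable", rel))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree (not a real site) with three deliberate weaknesses."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    os.chmod(os.path.dirname(uploads), 0o755)  # wp-content itself is not a finding
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("<?php\ndefine('DB_PASSWORD', 'constructed-example');\n"
                 "$table_prefix = 'wp_';\n")
    os.chmod(config, 0o644)   # readable by every local user
    os.chmod(uploads, 0o777)  # writable by every local user
    return config, uploads

def demo():
    """Audit the sample tree, tighten permissions, audit again."""
    with tempfile.TemporaryDirectory() as root:
        config, uploads = build_sample_site(root)
        before = audit_wordpress(root)
        os.chmod(config, 0o640)   # example mode; depends on the web server user
        os.chmod(uploads, 0o755)
        return before, audit_wordpress(root)

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

The prefix finding remains after the permission fix because changing `$table_prefix` on a live site also means renaming the database tables to match.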

Basic Solutions

Although the partial list of problems and security holes above may look insurmountable, many steps can in fact be taken to prevent some of these problems from cropping up. Making backup copies of all important information, including customer databases, files, sales records, and anything else involved in the running of the business, can be crucial if the need should arise to reset the site due to hacking activity. This can and should be done in multiple places and formats, including CD-R and DVD-R, flash drives, and services such as WordPress’ Snapshot Pro; other services are also available such as Cloud and VaultPress.

Keeping the WordPress site up-to-date can be critical. Updates are issued often, and attention should be paid to keeping them installed, since many of them help repair previous gaps in security.

Since plugins and themes can lead to holes in security, it is recommended that users refrain from using unknown or untrustworthy plugins or themes. WordPress features a directory for each, and there are sufficient choices to allow for most styles of customization without putting the site at risk.

Installing a security plugin is also an excellent way to keep information safe on a site. Some plugins available include WordPress Firewall, NinjaFirewall, Sucuri Security, All-In-One Security and Firewall, and many others; however, it will pay off to research the plugin and ensure that it is safe and secure.

Scanning Software for a WordPress Site

Scanning a WordPress business site, as well as its server, can be one of the most important steps in closing security gaps. There are many scanners available, and some specialize in particular areas of security. Acunetix deals with vulnerabilities in the network. Norton Safe Web and Unmask Parasites will show whether malware or similar infections have taken place already. Sucuri SiteCheck scans for existing malware and looks for out-of-date features in the site. WordPress Security Scan is WordPress’ basic security system; it looks for security holes and vulnerable areas in a general way. There are many more such scanning systems available for use, and they will help to keep intruders out by keeping an eye on the current state of the system.

Plugins for Detailed Scanning

A detailed scan can be a good way to discover weak areas of a WordPress site as they crop up. Reputable detailed scan plugins are updated regularly in order to avoid adding to security issues, and can be used on networks on a per-site basis. Some of the most useful plugins include:

  • Plugin Inspector – The usefulness of this plugin comes through its use of a database; commonly used hacker code as well as outdated features or functions will be exposed and the user sent an email notification, although Plugin Inspector does not fix the problems itself.
  • Total Security – This plugin checks installation, monitors the site constantly for security holes, and sends notifications with instructions on how to proceed in order to handle the problem. This solid scanner plugin offers useful reports.
  • Vulnerable Plugin Checker – This scanner runs automatically twice a day, and although it does not perform repairs, it does send prompt messages to inform the site owner of problems. It is a good choice for finding security gaps early on before they can be exploited.
  • Vulnerability Alerts – It doesn’t repair security holes, but this plugin makes itself useful by finding vulnerabilities in files, themes, and other plugins. This product offers links to further information about the security problem in question, and notifies the user when issues crop up.

All of these measures will help to prevent security holes and loss through hacker activity, but of course, they are not guaranteed to catch everything. It is always a good idea to check WordPress for articles and updates on keeping the security of a site in top condition.

Web developer Richard Sutherland has been working with WordPress, Joomla, Drupal and other content management systems for over a decade. Graduating from Edinburgh’s Heriot-Watt University in 2000 with a Bachelor of Science in Computer Science, Richard has held a number of prominent website development roles at major companies such as Samsung, ASDA and Prudential.
