Websites are hosted on cloud due to the ease it gives in deployment compared to having them on one’s own infrastructure. While there are a lot of positive aspects, security is one of the main & important limitations that are on the negative side of cloud hosting. Storage of vital information as in audit logs is one thing that is quoted as an example of a security attack.
The auditing methods we have in place for firewalls & intrusion detections may be configured but not monitored or analyzed at periodic intervals and the impact isn’t any easy to ignore! Just counting on the website access logs isn’t enough; in addition what’s the frequency of collection, since when is the collection made, is there an access to the logs are all things to be noted.
The below info-graphics covers gives you an edge on hacks on WordPress and security for WordPress,
Hosting contributes to more than 40% of the WordPress attacks, while themes do close to 30%, Plugins do close to 20% and loose passwords make it to the rest of the attacks. Websites not content-managed or those not managed using the right content management software are at the risk; these websites account to more than 80% of those being attacked. Web host servers left with no upgrade contribute to more than 10% of the attacks. Ask yourself if you are using the content management platform that suits your needs at the best!
A website is hacked every 5 seconds and 30,000 are attacked in a day! Out of 1000,000 websites, more than 40000 run on WordPress and of these 30000 of them are among the ones having versions of WordPress vulnerable to attacks. This means 73% of the most 40000 most known sites are extremely visible to the eyes of hackers!
WordPress plugins are the biggest contributors to WordPress attacks; 1305 of them are known today by way of vulnerability databases contributing to a huge 54%. Next comes the theme vulnerability that accounts for 344 attacks, which is 14% of the total while the rest 700s (31%) are WordPress core vulnerabilities! Cross-site scripting and injection of SQL form the base of these plug-in & theme attacks.
WordPress versions 3.0 and 3.0.1 occupy the top most position among easily attacked WordPress versions followed by 3.5, 3.5.1, 3.6. Among the most vulnerable plug-ins, 5 are commercial & they are downloaded around 20 million times; sadly one of them is a security plug-in from WordPress. Yithy, appius, infocus, shotzz, echelon are some of the highly attacked WordPress themes.
While you make a note of how important it is to have responsive web designs/responsive websites/content management, it’s necessary you know more on why there are attacks on websites and how to go about dealing with them!
To prevent hacks on WordPress, there aren’t any complex procedures but a few highly important check points when regularly taken care we are at no risk of our WordPress sites getting food for the hackers. Stay tuned with us to know on these check points or prevention measures to be sealed from malicious attacks! Ask us more at QeHTML.