Over 26% of website are using WordPress which make it one of the biggest target by hacker.
A study said about reported WordPress security vulnerabilities:
- 54% is due to outdated WordPress plugins
- 36% is due to outdated WordPress CMS core
- 10% id due to outdated WordPress theme
So there are some tips for WordPress security:
- Update your WordPress Core (Now is 4.6.1), plugins and theme.
- If you are too busy to check each site, there is plugin like jetpack can configure auto-update for plugins. Theme we do not suggest auto-update as it will probably overwrite the layout changes you’ve made. But you could use the staging plugin for big changes like theme updates to ensure everything is alright before roll-out.
- Install security plugin like Sucuri Security or iThemes Security.
- Remove the themes or plugins you no longer use.
- Regular backup. E.g. suggested to be done daily
- SSL for the site which is not only good for security reason, also the SEO benefits it can bring you.
- No more ‘admin’ username as this is pretty easy for hacker to target.
- Hide your WordPress version. This requires your webmaster to alter some coding at the functions.php file. Once you have hidden this, the robot won’t be able to spot your CMS / version which should get you safe from the hacking robot scanning process.