WordPress, Curse or Blessing?
Mariann Csorba


WordPress is the most commonly used blog engine; it is free to use and open source. It is used mainly to run websites, blogs and web shops. If your goal is to have a great website in the blink of an eye, one that you can extend later as your needs change, you have found the best solution.


Why is it a blessing?

  • As it becomes more and more successful, the number of developers and supporters grows proportionately. They constantly look for bugs and vulnerabilities, and they report and fix them.
  • It is easy to use, so laymen can also have a nicely designed, stylish website that suits their taste, whether it is a business or a personal site.
  • Installation takes less than 5 minutes. Besides this, thousands of templates and supplementary programs (plugins) are available to highlight and enhance the website.


Why a curse?

  • As it is free to use, it soon gained popularity, which also made it a well-known target of attacks. We advise you to review your settings while setting it up; this way you can prevent a wide range of attacks.
    • E.g.: it is worth changing the database table prefix from the preset WordPress default. You should not use "admin" as your username, because hackers will try this option first in the cracking process. The password should be long and strong enough; it is worth generating it with a program.
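The three setup checks from the list above (custom table prefix, no "admin" account, a long generated password) can be turned into a small audit script. The following Python is an added example, not code from the original post or from BitNinja: it reads a constructed wp-config.php fragment, reports the default prefix and installer placeholder salts, flags the predictable usernames, and generates a password with the `secrets` module. The assumption that the stock prefix is `wp_` and the list of weak usernames beyond "admin" are mine, not the post's.

```python
import re
import secrets
import string

# Constructed wp-config.php fragment (not from the original post): it keeps the
# stock "wp_" table prefix and the placeholder salt the installer ships with.
SAMPLE_WP_CONFIG = """
define('DB_NAME', 'example_db');
define('DB_USER', 'example_user');
define('AUTH_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

# "admin" is the name the post warns about; the others are assumed additions.
WEAK_USERNAMES = {"admin", "administrator", "root", "test", "user"}


def audit_wp_config(config_text):
    """Return a list of findings for the contents of a wp-config.php file."""
    findings = []
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", config_text)
    if m is None:
        findings.append("table prefix not set (WordPress falls back to 'wp_')")
    elif m.group(1) == "wp_":
        findings.append("table prefix is the default 'wp_'; choose a custom prefix")
    if "put your unique phrase here" in config_text:
        findings.append("authentication salts still contain the installer placeholder")
    return findings


def is_weak_username(name):
    """True for the login names an attacker tries first."""
    return name.strip().lower() in WEAK_USERNAMES


def password_ok(password, min_length=16):
    """Minimal policy: long enough and mixing lower case, upper case and digits."""
    return (len(password) >= min_length
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def generate_password(length=24):
    """Generate a random password that satisfies password_ok() by construction."""
    if length < 4:
        raise ValueError("length must be at least 4")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, "!@#$%^&*()-_=+"]
    # One character from every class, the rest from the whole alphabet.
    chars = [secrets.choice(c) for c in classes]
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # so the class order is not predictable
    return "".join(chars)


if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_WP_CONFIG):
        print("finding:", finding)
    print("weak username 'admin':", is_weak_username("admin"))
    print("generated password:", generate_password())
```

Run it against the real file with `audit_wp_config(open("wp-config.php").read())`; the username check has to be run against the `wp_users` table or the admin screen, since the login name is not stored in wp-config.php.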


WordPress and targeted attacks

1, DDoS

WP contains a TrackBack/PingBack function whose purpose is to notify all linked blogs when a new article is published. WP users should disable this function, because hackers can launch a DDoS attack by connecting the WordPress site to a botnet. This way the website becomes a zombie that remains available to the hacker to send pingbacks towards the target server, bringing it down.

2, Bruteforce

To avoid brute-force attacks against your website, it is advantageous to use the Limit Login Attempts plugin, which limits the number of login attempts. If someone tries to log into the account several times and reaches the set limit, the IP is blocked and can no longer access the WordPress login. Brute-force attacks are increasingly dangerous because they can even paralyze the website.
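Both attacks described above, the pingback DDoS (point 1) and the login brute force (point 2), leave recognisable traces in the web server's access log, which is where a hosting provider sees them first. The following Python is an added example, not code from the original post or from BitNinja: it parses Apache combined-format log lines, flags IPs that post to wp-login.php repeatedly (a failed WordPress login re-renders the form with HTTP 200, a successful one redirects with 302, so the 200 responses are the failures), flags IPs hammering xmlrpc.php (a hosted site being driven as a pingback zombie), and flags bursts of GET requests carrying the `WordPress/x.y; http://blog` user agent that WordPress sends when it fetches a pingback source (the site being the DDoS target). The log lines, addresses, thresholds and windows are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# User agent WordPress uses when it fetches the page a pingback claims to link from.
PINGBACK_UA = re.compile(r"^WordPress/[\d.]+; https?://")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def _ips_exceeding(per_ip, threshold, window):
    """Sliding window: IPs with at least `threshold` events inside any `window`."""
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


def _times_by_ip(records, method, script, status=None):
    per_ip = defaultdict(list)
    for r in records:
        if (r["method"] == method and r["path"].split("?")[0].endswith(script)
                and (status is None or r["status"] == status)):
            per_ip[r["ip"]].append(r["time"])
    return per_ip


def detect_login_bruteforce(records, threshold=5, window=timedelta(minutes=5)):
    """IPs with repeated failed (HTTP 200) POSTs to wp-login.php."""
    return _ips_exceeding(_times_by_ip(records, "POST", "/wp-login.php", "200"), threshold, window)


def detect_xmlrpc_abuse(records, threshold=10, window=timedelta(minutes=1)):
    """IPs hammering xmlrpc.php: a hosted site being used as a pingback zombie."""
    return _ips_exceeding(_times_by_ip(records, "POST", "/xmlrpc.php"), threshold, window)


def detect_pingback_flood(records, min_sources=3, window=timedelta(minutes=1)):
    """Distinct hosts fetching pages with the pingback user agent inside one window."""
    hits = sorted((r["time"], r["ip"]) for r in records
                  if r["method"] == "GET" and PINGBACK_UA.match(r["ua"]))
    best, start = set(), 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:
            start += 1
        sources = {ip for _, ip in hits[start:end + 1]}
        if len(sources) > len(best):
            best = sources
    return sorted(best) if len(best) >= min_sources else []


def _line(ip, t, method, path, status, ua):
    return f'{ip} - - [{t}] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    # a legitimate user: one failed login, then a successful redirect
    _line("203.0.113.5", "10/Mar/2016:10:00:01 +0000", "POST", "/wp-login.php", 200, "Mozilla/5.0"),
    _line("203.0.113.5", "10/Mar/2016:10:00:20 +0000", "POST", "/wp-login.php", 302, "Mozilla/5.0"),
] + [
    # brute force: six failed logins from one IP within a minute
    _line("198.51.100.7", f"10/Mar/2016:10:01:{s:02d} +0000", "POST", "/wp-login.php", 200, "python-requests/2.9")
    for s in range(0, 60, 10)
] + [
    # pingback flood: four different blogs fetch the front page within seconds
    _line(f"192.0.2.{n}", f"10/Mar/2016:10:02:0{n} +0000", "GET", "/", 200, f"WordPress/4.4; http://blog{n}.example")
    for n in range(1, 5)
]


def analyse(lines):
    records = [r for r in map(parse_line, lines) if r]
    return {"bruteforce": detect_login_bruteforce(records),
            "xmlrpc_abuse": detect_xmlrpc_abuse(records),
            "pingback_sources": detect_pingback_flood(records)}


if __name__ == "__main__":
    for name, result in analyse(SAMPLE_LOG).items():
        print(name, result)
```

Feed it a real file with `analyse(open("access.log").readlines())` (strip the newline in `parse_line` or pass `line.rstrip()`); the thresholds are deliberately low so the constructed sample trips them and should be tuned to the site's normal traffic before the output is used for blocking.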

3, Plugin Vulnerability

As a wide range of official and unofficial plugins is available for WordPress users, it is almost inevitable to install one that has vulnerabilities and security gaps which hackers can easily exploit.

Latest WP Vulnerabilities


Let the curse be a blessing

Unfortunately, many WordPress users run the service with its automatic defaults, do not pay enough attention to a proper username/password pair, and do not use the plugins that would make their websites more secure. Moreover, we cannot emphasize enough the significance of regular updates. If you disregard the security patches, even shared web hosting servers can be cracked, where hackers can mutilate dozens of websites, causing huge financial damage and an extreme drop in visitor numbers. If you would like to turn this curse into a blessing, use BitNinja, which defends your server from all of the above-mentioned attacks. Being a web hosting company comes with a whole army of responsibilities towards the users, which is why we recommend protecting our own servers and our customers' servers proactively with BitNinja.
