In 2018, a report by infosecurity-magazine.com suggested that WordPress accounted for 90% of all hacked sites, up from 83% in 2017. WordPress is a target for hackers because of its huge user-base. Fortunately for you, WordPress’s “core” is very secure. Unfortunately for you, hackers find their way into sites because of mistakes made by site administrators and security holes in third-party addons like plugins and themes. One report I read suggested that 98% of WordPress vulnerabilities are related to plugins. Another, more conservative report suggested that figure was 52%, but it’s still a large number. Another statistic showed that 8% of WordPress websites were hacked because of weak passwords. According to Sucuri, 61% of infected WordPress sites are out of date. WordFence, a company specializing in WordPress security, said there were 90,000 attacks per minute on WordPress websites.
With an estimated 30,000+ websites being hacked every day, website security has to be be a main concern for anyone running a website, no matter how small.
Hacked sites can be used for a variety of purposes, such as redirecting your traffic, stealing customer details, deleting files, changing your login details to lock you out, sending spam emails to millions of people, SEO for the hackers site, and so on.
And don’t think that your small, insignificant site is safe from hackers. To a hacker, a site is a site. They’ll use computer software to scan millions of websites for vulnerabilities and then attack the soft targets. There is no softer target than a newly setup WordPress website that’s run from someone’s bedroom.
There is obviously good reason to be concerned about your website security. However, I don’t want you to think that WordPress is an insecure platform that should be avoided, it isn’t. WordPress is actually very secure and if a security hole is found, it is usually plugged very quickly by the WordPress security team and pushed out to all WordPress installs – automatically.
The real security issues come from the people running the websites. They often don’t have enough knowledge to make educated decisions about the content they put on their site, the plugins they use, or the themes they install.
This book has two aims:
1.I want to give you the knowledge you need so that you can understand where the main threats come from. With that knowledge, you will understand how your administrative actions can affect the security of your website. This knowledge gives you the power to stop hackers.
2.I want to give you a step-by-step solution to make your website as hackproof as possible. We’ll install a single WordPress plugin and go through the entire setup process. Simply follow along on your own site as I secure one of my own. Security plugins can lock you out of your dashboard if you try to enable features not supported by your web host, but this book takes a cautious route so that shouldn’t happen. However, if it does, relax. I’ll show you the fool-proof way of getting back into your dashboard without losing anything.
If you are not very technically minded, don’t worry. This book assumes no technical ability and no programming skills.
