1 / 11

How Attackers Gain Access to Your WordPress Sites

The PPT tells”How Attackers Gain Access to Your WordPress Sites”. Most WordPress site owners do not know that their eCommerce store faces the potential risk of online threats. <br>To know more about WordPress Customization Services, browse : http://www.suntecoss.com/wordpress-development-services.html

SunTecOSS
Download Presentation

How Attackers Gain Access to Your WordPress Sites

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How Attackers Gain Access to Your WordPress Sites http://www.suntecoss.com/

  2. Most Site Owners Don’t Know • Of the 1,032 survey respondents who answered: • 61.5% didn't know how the attacker compromised their website. • Large majority of respondents cleaned their sites themselves. • It is impossible to be confident that you have cleaned your site completely or not.

  3. Plug-ins Are Your Biggest Risk • Plug-ins play a big part in making WordPress as popular as it is today. • There are 43,719 plug-ins available for download in the official WordPress plug-in directory. • Plug-in vulnerabilities represented 55.9% of the known entry points.

  4. Some tips for avoiding plug-in vulnerabilities:

  5. Keep them updated • Reputable plug-in authors fix vulnerabilities very quickly when discovered. • Check for updates at least weekly. • Opt for professional website maintenance & support services

  6. Don’t use abandoned plug-ins • To ensure that code is free of vulnerabilities. • Avoid plug-ins that have not been updated in over 6 months. • Conduct an audit at least quarterly to make sure none of your plug-ins have been abandoned.

  7. Download plug-ins from reputable sites only • If you are going to download plug-ins from somewhere other than the official WordPress, make sure the website is reputable. • Use these tips to determine whether a site is a reputable or not: • Eye Test • TOS and Privacy Policy • Company Information • Contact Info • Domain Search • Name Search • Vulnerability Search

  8. Brute Force Attacks Are Still a Big Problem • It is a password guessing attack • Attacker needs to identify a valid username on your website and then guess the password • Despite the availability of methods and technology that are 100% effective, this type of attack is still a huge problem, representing 16.1% of known entry points.

  9. Some tips for avoiding a hack via brute force attack: • Don’t use obvious usernames • Use cellphone sign-in • Secure your login screen • Understand file and folder permissions

  10. Other Steps to Secure your Site: • Keeping WordPress core up-to-date. • The WordPress team responds quickly when an issue is reported so should you. • Make sure that you have a strong password policy for your CPanel account. • Remove any applications on your server, like phpmyadmin, that aren’t absolutely necessary. • Secure your workstation by keeping your operating system and applications up-to-date.  • Store passwords securely. • Do not store passwords in plaintext in a document online. • Delete any old data you don’t need from your website.

  11. Contact Us • For more information on WordPress development services get in touch with us at info@suntecoss.com and our experts will get back to you shortly. • Visit: http://www.suntecoss.com/wordpress-development-services.html Floor 3, Vardhman Times Plaza Plot 13, DDA Community Centre Road 44, Pitampura New Delhi - 110 034, India http://www.suntecoss.com/

More Related