SlideShare a Scribd company logo

How WordPress Sites Get Hacked

Download as PPTX, PDF
A
Andrew Marks

The document outlines how WordPress sites are frequently hacked, citing that in 2017, 1.5 million sites were compromised, primarily through vulnerabilities in hosting, themes, and plugins. It provides strategies for maintaining site security, such as using high-quality hosting, regular backups, strong password policies, and keeping WordPress updated. Recommended security plugins like iThemes Security and Wordfence are also discussed for enhancing site protection.

Internet
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
How WordPress Sites Get Hacked (And What You Can Do About It)
How Many WP Sites Have Been Hacked? • In 2012, more than 170,000 WP sites hacked • In January 2017, 1.5 million WP sites hacked • WordPress silently patched the issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, with v4.7.2
Why Would Anyone Want To Hack Your WordPress Site? • Hacking attempts are a matter of opportunity • Most hacking attacks are automated • But what’s in it for them? • Drive-by-downloads • Redirections • System Resources
How Do WP Websites Get Hacked? • 41% get hacked through vulnerabilities in their hosting platform • 29% by means of an insecure theme • 22% via a vulnerable plugin • 8% because of weak passwords
How To Keep Your Site Safe 1. Choose a high quality hosting provider • Latest versions of PHP and MySQL • Perform regular scans for malware and daily backups • WordPress-optimized environment • Knowledgeable staff
How To Keep Your Site Safe 2. Perform Regular Backups • Duplicator • UpdraftPlus • WordPress Backup to Dropbox • BackupBuddy (paid) • VaultPress (paid) • CodeGuard (paid) • BlogVault (paid)
How To Keep Your Site Safe 3. Fortify Your Login • Force use of strong password • Store passwords securely (LastPass) • Don’t use admin • Limit login attempts • Employ two-step authentication • Hide your login page
How To Keep Your Site Safe 4. Keep WordPress up to date 5. Maintain Themes and Plugins 6. Reset Salts 7. Set a unique table prefix 8. Hide WordPress version number 9. Set correct file permissions 10. Turn off PHP Reporting
Recommended Security Plugins
iThemes Security (free version) • One-click “Secure Site” • Ban Bad Users • Block IPs or User Agents • Hide Login and Admin • Away Mode • File Change Detection • Turn off File Editing • Reduce Comment Spam • Brute Force Protection • Strong Password Enforcement • Malware Scans
iThemes Security (paid version) • Two-Factor Authentication • User Action Logging • Password Expiration • WP Core File Comparison • Scheduled Malware Scans • Temporary Privilege Escalation • User Security Check • Google reCAPTCHA Integration • Settings Import & Export
WordFence • Web Application Firewall • Real-time Threat Defense Feed • Malware Scanner • Repair Files

More Related Content

PPTX
Building rest services using aspnetwebapi
Brij Mishra
 
PPTX
10 tips to make your ASP.NET Apps Faster
Brij Mishra
 
PPTX
Getting Started with ASP.NET 5
Brij Mishra
 
PPTX
Building Modern Web Applications with ASP.NET5
Brij Mishra
 
PDF
Getting Started with WordPress JSON REST API
Hishikawa Takuro
 
KEY
Introduce iRedMail Open Source Mail Server Solution
ZhangHuangbin
 
PPTX
Express yourself
Yaniv Rodenski
 
PPTX
Wix Apps in WP TLV
dsero
 
Building rest services using aspnetwebapi
Brij Mishra
 
10 tips to make your ASP.NET Apps Faster
Brij Mishra
 
Getting Started with ASP.NET 5
Brij Mishra
 
Building Modern Web Applications with ASP.NET5
Brij Mishra
 
Getting Started with WordPress JSON REST API
Hishikawa Takuro
 
Introduce iRedMail Open Source Mail Server Solution
ZhangHuangbin
 
Express yourself
Yaniv Rodenski
 
Wix Apps in WP TLV
dsero
 

What's hot (20)

PPTX
Node ts1
Yaniv Rodenski
 
PDF
Selenium WebDriverを利用したサンプルアプリケーションのテスト
Atsushi Matsuo
 
PPTX
Signal rity1
Yaniv Rodenski
 
PPTX
Maximizing WordPress
Brian LaFrance
 
PPTX
Rest assured
Yaniv Rodenski
 
PPTX
Javascript & Jquery
Gurpreet singh
 
PPTX
Building WordPress sites with AngularJS and the RESTful plugin JSON API
Eric Greene
 
PDF
Flask introduction
Hamid Feizabadi
 
PDF
INTER-MediatorとFileMaker Cloudの未来
Atsushi Matsuo
 
PPTX
ASP.NET MVC 4 Overview
Gunnar Peipman
 
PPTX
AppFx.ServiceBus - Simple Messaging with Windows Azure Service Bus
Michael Stephenson
 
PPTX
How to build a rest api
Hoang Nguyen
 
PPTX
ASP.NET MVC 4
Danijel Malik
 
PPTX
Mj hd open nms
Majid Heidary
 
PDF
WordPress as an Application Framework
Nazmul Hasan Rupok
 
PPTX
Secure rest api on microservices vws2016
Quý Nguyễn Minh
 
PPTX
Azure signalr service
Udaiappa Ramachandran
 
PPTX
Multisite core concepts final
Umesh Chaudhary
 
PPT
Hosting rails apps
Pravin Mishra
 
PPTX
Api crash
Hoang Nguyen
 
Node ts1
Yaniv Rodenski
 
Selenium WebDriverを利用したサンプルアプリケーションのテスト
Atsushi Matsuo
 
Signal rity1
Yaniv Rodenski
 
Maximizing WordPress
Brian LaFrance
 
Rest assured
Yaniv Rodenski
 
Javascript & Jquery
Gurpreet singh
 
Building WordPress sites with AngularJS and the RESTful plugin JSON API
Eric Greene
 
Flask introduction
Hamid Feizabadi
 
INTER-MediatorとFileMaker Cloudの未来
Atsushi Matsuo
 
ASP.NET MVC 4 Overview
Gunnar Peipman
 
AppFx.ServiceBus - Simple Messaging with Windows Azure Service Bus
Michael Stephenson
 
How to build a rest api
Hoang Nguyen
 
ASP.NET MVC 4
Danijel Malik
 
Mj hd open nms
Majid Heidary
 
WordPress as an Application Framework
Nazmul Hasan Rupok
 
Secure rest api on microservices vws2016
Quý Nguyễn Minh
 
Azure signalr service
Udaiappa Ramachandran
 
Multisite core concepts final
Umesh Chaudhary
 
Hosting rails apps
Pravin Mishra
 
Api crash
Hoang Nguyen
 

Similar to How WordPress Sites Get Hacked (20)

PPTX
hardenning Operating System Server Berbasis Linux
jokerman16
 
PDF
Do you lose sleep at night?
Nathan Van Gheem
 
PPTX
Managing Multisite: Lessons from a Large Network
William Earnhardt
 
PPTX
WordPress Security and Best Practices
Robert Vidal
 
KEY
WordPress Security
Ivan Storck
 
PPTX
Building Secure WordPress Sites
Catch Themes
 
PPTX
blog application design requirements ppt
satya160439
 
PPT
Blog World 2010 - How to Keep Your Blog from Being Hacked
Brian Layman
 
PPTX
Pengamanan server pada Operating Server Linux
bitmeid2017
 
PPTX
WordPress Workshop
Terri Orlowski
 
PPTX
WCBos13 intermediate workshop
Boston WordPress
 
PPTX
External JavaScript Widget Development Best Practices (updated) (v.1.1)
Volkan Özçelik
 
KEY
Drupal Security Intro
Cash Williams
 
PDF
Word press as your company website
Kelli Wise
 
PDF
WordPress Security Essentials
Angela Bowman
 
PDF
WordPress Security 101 - Meetup Nairobi March 2020
stk_jj
 
PDF
WordPress hosting & Management: An overview
dominicj
 
PDF
Staying Online: Keeping Your Website Safe and Secure
Liam Dempsey
 
PDF
Improve WordPress performance with caching and deferred execution of code
Danilo Ercoli
 
PDF
Emergency WordPress Troubleshooting
Tiffany Bridge
 
hardenning Operating System Server Berbasis Linux
jokerman16
 
Do you lose sleep at night?
Nathan Van Gheem
 
Managing Multisite: Lessons from a Large Network
William Earnhardt
 
WordPress Security and Best Practices
Robert Vidal
 
WordPress Security
Ivan Storck
 
Building Secure WordPress Sites
Catch Themes
 
blog application design requirements ppt
satya160439
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Brian Layman
 
Pengamanan server pada Operating Server Linux
bitmeid2017
 
WordPress Workshop
Terri Orlowski
 
WCBos13 intermediate workshop
Boston WordPress
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
Volkan Özçelik
 
Drupal Security Intro
Cash Williams
 
Word press as your company website
Kelli Wise
 
WordPress Security Essentials
Angela Bowman
 
WordPress Security 101 - Meetup Nairobi March 2020
stk_jj
 
WordPress hosting & Management: An overview
dominicj
 
Staying Online: Keeping Your Website Safe and Secure
Liam Dempsey
 
Improve WordPress performance with caching and deferred execution of code
Danilo Ercoli
 
Emergency WordPress Troubleshooting
Tiffany Bridge
 

More from Andrew Marks (13)

PPT
Wordpress for Business
Andrew Marks
 
PPTX
Google Analytics Essential Training
Andrew Marks
 
PPTX
Learn to Think Like a Coder
Andrew Marks
 
PPTX
Why Code Is Cool (And Why You Should Learn It)
Andrew Marks
 
PPTX
A Guide to Google My Business
Andrew Marks
 
PPTX
An Introduction to Gutenberg, WordPress's New Editor
Andrew Marks
 
PPTX
An Introduction to WordPress Hooks
Andrew Marks
 
PPTX
Processing Client Payments from your WordPress Website
Andrew Marks
 
PPTX
GDPR - What You Need To Know
Andrew Marks
 
PPTX
10 Tips for Optimising WordPress
Andrew Marks
 
PPTX
An (Updated) Introduction to Gutenberg
Andrew Marks
 
PPTX
Ultimate Guide to WordPress Multisite
Andrew Marks
 
PPTX
Ultimate Guide to Advanced Custom Fields
Andrew Marks
 
Wordpress for Business
Andrew Marks
 
Google Analytics Essential Training
Andrew Marks
 
Learn to Think Like a Coder
Andrew Marks
 
Why Code Is Cool (And Why You Should Learn It)
Andrew Marks
 
A Guide to Google My Business
Andrew Marks
 
An Introduction to Gutenberg, WordPress's New Editor
Andrew Marks
 
An Introduction to WordPress Hooks
Andrew Marks
 
Processing Client Payments from your WordPress Website
Andrew Marks
 
GDPR - What You Need To Know
Andrew Marks
 
10 Tips for Optimising WordPress
Andrew Marks
 
An (Updated) Introduction to Gutenberg
Andrew Marks
 
Ultimate Guide to WordPress Multisite
Andrew Marks
 
Ultimate Guide to Advanced Custom Fields
Andrew Marks
 

Recently uploaded (20)

DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Funds Management Learning Material for Beg
NKKumar16
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 

How WordPress Sites Get Hacked

  • 1. How WordPress Sites Get Hacked (And What You Can Do About It)
  • 2. How Many WP Sites Have Been Hacked? • In 2012, more than 170,000 WP sites hacked • In January 2017, 1.5 million WP sites hacked • WordPress silently patched the issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, with v4.7.2
  • 3. Why Would Anyone Want To Hack Your WordPress Site? • Hacking attempts are a matter of opportunity • Most hacking attacks are automated • But what’s in it for them? • Drive-by-downloads • Redirections • System Resources
  • 4. How Do WP Websites Get Hacked? • 41% get hacked through vulnerabilities in their hosting platform • 29% by means of an insecure theme • 22% via a vulnerable plugin • 8% because of weak passwords
  • 5. How To Keep Your Site Safe 1. Choose a high quality hosting provider • Latest versions of PHP and MySQL • Perform regular scans for malware and daily backups • WordPress-optimized environment • Knowledgeable staff
  • 6. How To Keep Your Site Safe 2. Perform Regular Backups • Duplicator • UpdraftPlus • WordPress Backup to Dropbox • BackupBuddy (paid) • VaultPress (paid) • CodeGuard (paid) • BlogVault (paid)
  • 7. How To Keep Your Site Safe 3. Fortify Your Login • Force use of strong password • Store passwords securely (LastPass) • Don’t use admin • Limit login attempts • Employ two-step authentication • Hide your login page
  • 8. How To Keep Your Site Safe 4. Keep WordPress up to date 5. Maintain Themes and Plugins 6. Reset Salts 7. Set a unique table prefix 8. Hide WordPress version number 9. Set correct file permissions 10. Turn off PHP Reporting
  • 10. iThemes Security (free version) • One-click “Secure Site” • Ban Bad Users • Block IPs or User Agents • Hide Login and Admin • Away Mode • File Change Detection • Turn off File Editing • Reduce Comment Spam • Brute Force Protection • Strong Password Enforcement • Malware Scans
  • 11. iThemes Security (paid version) • Two-Factor Authentication • User Action Logging • Password Expiration • WP Core File Comparison • Scheduled Malware Scans • Temporary Privilege Escalation • User Security Check • Google reCAPTCHA Integration • Settings Import & Export
  • 12. WordFence • Web Application Firewall • Real-time Threat Defense Feed • Malware Scanner • Repair Files