WordPress security: 3 plugins to get your site hacked


Getting a solid grip on WordPress security can seem like a full-time task. The web currently comprises more than a billion web sites. And as the digital universe continues to grow, it attracts more and more black hats prowling the web’s digital back alleys looking for an easy mark.

According to a recent report from Sucuri, the new numbers are disheartening.

As of March 2016, Google reports that over 50 million website users have been greeted with some form of warning that websites visited were either trying to steal information or install malicious software. In March 2015, that number was 17 million. Google currently blacklists close to ~20,000 websites a week for malware and another ~50,000 a week for phishing. PhishTank alone flags over 2,000 websites a week for phishing. These numbers reflect only those infections that have an immediate adverse effect on the visitor (i.e., Drive by Download, Phishing) and do not include websites infected with Spam SEO and other tactics not detected by these companies.

The report doesn’t say how many sites Sucuri included in its research, but it does say that vulnerable plugins were the number one means of site compromise. The top 3 offenders?

  1. RevSlider
  2. Gravity Forms
  3. TimThumb

Fortunately for WordPress users, there are good security plugins on the market. Each one approaches security a little differently; it’s more than worth the time to read up on each of them and see which one (or two) best fits your needs. Infosec gives a good intro to the big 7 here.

At K4 Media, we use two: iThemes Security and Sucuri Security. What do you use?

(Interested in a professional security audit of your WordPress web site? Get in touch.)