Robert is an EU based freelance IT consultant and WordPress Security Professional with WP White Security, where he frequently advocates on WordPress security. He is also a guest technical blogger on several popular web application security blogs and websites.
This article explains why the security of your WordPress blogs and websites should not solely depend on WordPress security plugins. It also looks into other attack surfaces a typical WordPress installation has and gives a brief overview of what you can do to address these potential attack surfaces.
WordPress has become a common target for malicious hackers because it is easy to break into. Just last year over 170,000 WordPress blogs and websites were hacked, and for 2013 the number of hacked WordPress sites is expected to increase even more.
Why is it so when WordPress itself is a very secure platform? Let’s have a look at some statistics from last year’s incidents and learn from them so your WordPress is not the next target.
Most probably from time to time you felt the need, or tried to secure your WordPress installation. You feel such urge because one of your websites got hacked, or a fellow blogger’s WordPress got hacked and infected with malware. Maybe you have heard the marketing mantra “If your WordPress website or blog is your main source of income, keep it secure and malware free to succeed in the online world!”. It might be a marketing mantra and scaremongering from security companies, but it is the truth!