In the run-up to the new General Data Protection Regulation (GDPR), new data shows that 86.5% of WordPress websites in the UK are vulnerable to known, exploitable vulnerabilities.
With GDPR now only a month away, businesses across Europe are gearing up for what will potentially be one of the biggest shifts in data privacy laws since the 2003 CAN-SPAM Act.
Businesses will face fines of up to €20 million if they do not comply with the new legislation and processes, which ultimately put users in control of who stores their personal data, and how and where it is stored.
A key part of GDPR is the business’ responsibility to secure customer data and websites to prevent data breaches, phishing, and other forms of malicious online activity.
Estimates show that WordPress is used by 25–40% of the internet, depending on which source you read, and given its widespread popularity and usage, it is a prime target for hackers.
In a recent research study, the cybersecurity monitoring platform CyberScanner scanned 93,930 WordPress websites and 9,834 WooCommerce websites based in the UK and found that, on average, 80.7% contained at least one known, exploitable vulnerability that can be deemed a severe security risk.
Some of the most common known vulnerabilities scanned for included cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF), and SSL certificate problems.
The worst offending WordPress website had a total of 23 separate high-risk known vulnerabilities, among other medium and low risk classified exploits.
Securing your WordPress website
There are more than 100,000 known vulnerabilities that hackers can exploit to extract customer data, plant crypto-mining software, or even set up hidden form fields to steal credit card details that users have saved in their browsers.
There is no blanket solution to securing your WordPress website, but there are steps that all WordPress webmasters can take to secure commonly exploited areas of the platform.
Brute force attacks
Brute force attacks are a method hackers use to obtain website login information such as usernames, passwords and PINs. Typically conducted with automated software, a brute force attack submits a high volume of consecutive guesses to the username and password fields.
While having a strong password is always encouraged, it alone may not be enough to prevent a brute force attack. There are some things that you can do, however, to minimize your risk.
Customize login page URLs
Generally, the login page URL for a WordPress website is /wp-login.php or /wp-admin/, and automated software will try these well-known paths first. By moving the login page to a less predictable URL, automated software may not be able to find the page to begin the attack in the first place.
Limit login attempts
Limiting the number of login attempts is a common feature of WordPress websites (and of websites in general).
A number of free plugins exist (such as WP Limit Login Attempts) that make this easy for webmasters to implement and can go some way to protecting your site.
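The lockout logic such plugins provide, written out as an added example (this is illustrative code, not the WP Limit Login Attempts plugin): a must-use plugin that counts failed logins per client IP in a transient and refuses authentication once the limit is reached. It assumes the file lives in wp-content/mu-plugins/ and that REMOTE_ADDR holds the real client address.

```php
<?php
/**
 * Plugin Name: Example Login Attempt Limiter
 * Description: Added example, not a published plugin. Locks out a client IP after
 *              repeated failed logins. Assumed location: wp-content/mu-plugins/
 *              (must-use plugins load automatically, no activation step).
 */

defined( 'ABSPATH' ) || exit;

const EXAMPLE_LOCKOUT_MAX_FAILURES = 5;                       // failures allowed per window
const EXAMPLE_LOCKOUT_WINDOW       = 15 * MINUTE_IN_SECONDS;  // counting and lockout window

/**
 * Transient key for the requesting client. REMOTE_ADDR is only reliable when the web
 * server itself populates it; behind a reverse proxy, map the proxy's forwarded-IP
 * header into REMOTE_ADDR at the server level rather than trusting a header here,
 * otherwise an attacker can pick a fresh "IP" for every request.
 */
function example_lockout_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Count each failure. Core fires wp_login_failed whenever authentication returns an
// error, so attempts made during a lockout also extend it (a sliding window).
add_action( 'wp_login_failed', function ( $username ) {
    $key = example_lockout_key();
    set_transient( $key, (int) get_transient( $key ) + 1, EXAMPLE_LOCKOUT_WINDOW );
} );

// Priority 30 runs after core's own username/password check (priority 20), so a
// locked-out client is refused even when it finally supplies the correct password.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( example_lockout_key() ) >= EXAMPLE_LOCKOUT_MAX_FAILURES ) {
        return new WP_Error(
            'too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that client.
add_action( 'wp_login', function () {
    delete_transient( example_lockout_key() );
} );
```

Transients are per-site and survive only as long as the object cache or options table keeps them, so a distributed attack spread across many IPs is not stopped by this alone; that is where the two-step authentication described below matters.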
Enable two-step authentication
This is becoming more common across all web applications that require a password, and it can be implemented with relative ease on a WordPress website through a plugin such as Google Authenticator – Two Factor Authentication.
It requires the user to install an application on their phone; when they log in to the website they need to open the app to obtain a randomly generated code and enter it to complete the login process.
Use SSL to encrypt data in transit
While SSL and TLS don’t wholly secure a website, they do secure user data as it travels between the user’s browser and the website server.
Again, this can be set up with relative ease through Cloudflare’s WordPress integration and its SSL offering.
Google also sees HTTPS as a basic security step that websites must take to protect users, and from Chrome 70 websites not served over HTTPS will be flagged as “Not secure” by default.
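When TLS is terminated at Cloudflare, WordPress itself still sees a plain-HTTP request from the proxy, so it has to be told the connection is secure before it can enforce HTTPS. The following wp-config.php lines are an added example (not from the article or from Cloudflare’s plugin); they assume the origin server only accepts connections from the proxy, so the X-Forwarded-Proto header cannot be forged by an end user, and example.com is a placeholder.

```php
<?php
/*
 * Added example for wp-config.php: enforce HTTPS when TLS is terminated at a
 * proxy such as Cloudflare. Place above the "That's all, stop editing!" line.
 * Assumption: only the proxy can reach the origin, so X-Forwarded-Proto is trusted.
 */

// WordPress decides whether a request is secure from $_SERVER['HTTPS']. Behind a
// TLS-terminating proxy the origin request arrives as plain HTTP, so without this
// block FORCE_SSL_ADMIN below would redirect the login page in an endless loop.
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
     && 'https' === strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) {
    $_SERVER['HTTPS'] = 'on';
}

// Require HTTPS for wp-login.php and the whole /wp-admin/ area, so the password
// and the logged-in cookie are never sent in clear text.
define( 'FORCE_SSL_ADMIN', true );

// Point the site addresses at https:// as well, so generated links and redirects
// never fall back to plain HTTP. example.com is a placeholder for your own domain.
define( 'WP_HOME',    'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );
```

Note that Cloudflare’s “Flexible” SSL mode leaves the hop from Cloudflare to your origin unencrypted; install a certificate on the origin and use “Full (strict)” so the whole path between browser and server is protected.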
Securing your database
No matter how secure a website is, keeping and maintaining regular database back-ups is an essential best practice that should be part of any webmaster’s processes.
There are a number of free and premium solutions, such as VaultPress, BlogVault and Backup Buddy, all of which are viable options; the chosen solution should match the needs of the business.
Regular housekeeping and updates
Themes and plugins are the backbone of any WordPress website, but they can easily become security threats if they’re not updated and maintained regularly.
Not updating your themes and plugins can mean serious trouble. Many hackers rely on the simple fact that people can’t be bothered to update their plugins and themes, and more often than not they exploit bugs that have already been fixed.
Leaving these assets out of date opens easy backdoors and exploits, and hackers actively look out for webmasters who are lax about updating.
It’s also advised that you remove your WordPress version number, as it’s publicly visible in your page source. Some historic WordPress versions have accumulated more known vulnerabilities than others, so advertising the version invites hackers to try already known attacks against it. Sucuri offer a free plugin to remove the version number from your site.
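The version number is printed in more than one place, so a plugin that only removes the meta tag leaves others behind. The following must-use plugin is an added example (not Sucuri’s plugin) covering the spots core emits it; it assumes the file lives in wp-content/mu-plugins/.

```php
<?php
/**
 * Plugin Name: Example Version Fingerprint Remover
 * Description: Added example, not Sucuri's plugin. Removes the WordPress version
 *              from the places core prints it. Assumed location: wp-content/mu-plugins/.
 */

defined( 'ABSPATH' ) || exit;

// 1. The <meta name="generator" content="WordPress x.y"> tag in every page head.
remove_action( 'wp_head', 'wp_generator' );

// 2. The same generator string is also printed in RSS/Atom feeds; blank it at the source.
add_filter( 'the_generator', '__return_empty_string' );

// 3. Core scripts and styles are enqueued with ?ver=<core version> when no other
//    version is given, which leaks the version even after the meta tag is gone.
//    Strip the parameter only when it equals the core version, so plugin and theme
//    cache-busting versions are left intact.
function example_strip_core_version( $src ) {
    global $wp_version;
    parse_str( (string) wp_parse_url( $src, PHP_URL_QUERY ), $args );
    if ( isset( $args['ver'] ) && $args['ver'] === $wp_version ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src',  'example_strip_core_version' );
add_filter( 'script_loader_src', 'example_strip_core_version' );
```

Treat this as reducing noise rather than as a control: /readme.html and the fingerprints of core files still reveal the version to a determined scanner, so keeping core, themes and plugins updated remains the real fix.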
This marketing news is not the copyright of Scott.Services; the original source is linked below. Author: Dan Taylor
The post GDPR: ensuring your website is secure appeared first on Scott.Services Online Marketing News.
source https://news.scott.services/gdpr-ensuring-your-website-is-secure/