Top Threats to WordPress Sites

Top Threats to WordPress Sites

Posted on by Noura Ibrahim
Category:SEO
Tagged, , , ,

Top Threats to WordPress Sites Identified in New Report

A new report identifies the top security threats and most common attacks against WordPress sites.

WordPress sites are increasingly being infected with malware from pirated themes and plugins, as per a new report on WordPress security.

Security firm Wordfence published a report on threats and attacks targeting WordPress sites, with data gleaned from the 4 million customers that have its software installed.

The major threats facing WordPress sites fall into three categories:

  • Malware from pirated themes and plugins
  • Malicious login attempts
  • Vulnerability exploits
Top Threats to WordPress Sites

Here’s a summary of key highlights from the report.

Malware From Pirated Themes & Plugins

The most widespread threat to WordPress security is malware from pirated (nulled) themes and plugins.

Wordfence detected more than 70 million malicious files on 1.2 million WordPress sites in the past year. Over 17% of all infected sites had malware from a nulled plugin or theme.

The WP-VCD malware was the most common threat to WordPress, counting for 154,928 or 13% of all infected sites in 2020.

When a plugin or theme is pirated its license checking features are disabled or removed, which makes it easy for hackers to gain backdoor access.

The best way to defend your WordPress site against this type of attack is to purchase your plugins and themes legitimately and keep them updated.

If your budget doesn’t permit the purchase of a premium theme then a free alternative from a reputable provider is the safest option.

Malicious Login Attempts

Wordfence detected (and blocked) over 90 billion malicious login attempts from over 57 million unique IP addresses. That’s a rate of 2,800 attacks per second targeting WordPress sites.

These attempts are said to include credential stuffing attacks using lists of stolen credentials, dictionary attacks, and traditional brute-force attacks.

WordPress site owners can protect themselves from malicious login attempts by setting up multi-factor authentication. This will ensure no one can get in without a password and a special code only you have access to.

For more SEO Articles: https://www.dazzlepop.net/site/category/seo/

Read more: www.searchenginejournal.com

About the author