{"id":4329,"date":"2020-12-03T16:22:45","date_gmt":"2020-12-03T16:22:45","guid":{"rendered":"https:\/\/firstsiteguide.com\/?post_type=tools&p=4329"},"modified":"2023-10-04T11:48:35","modified_gmt":"2023-10-04T11:48:35","slug":"wordpress-security-online-scanner","status":"publish","type":"tools","link":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/","title":{"rendered":"WordPress Security Scanner"},"content":{"rendered":"

More than 60 thousand WordPress sites get hacked every day<\/strong>! Don’t believe us? Have a look at this real-time counter<\/a>. It’s extremely frustrating to get hacked. It costs time, money, reputation, and nerves, but what’s even worse – in most cases it’s completely avoidable<\/a> if you follow WordPress security best practices. No site is completely hack-proof. The fact that huge companies get hacked all the time is the best example of that. However, just a tiny effort<\/strong> can dramatically increase the chances of not getting hacked<\/strong>!<\/p>\n\n\n\n

Enter the URL and scan your site<\/h2>\n\n\n
The scan is completely safe! It will not simulate a brute-force attack nor perform any kind of action that could jeopardize your site.<\/i>
Check if full WordPress version info is revealed<\/strong>

You should be proud that your site is powered by WordPress and there's no need to hide that information. However, disclosing the full WP version info in the default location (the page header meta tag) is not wise. People with bad intentions can easily use Google to find sites that use a specific version of WordPress and target them with 0-day exploits.<\/p><\/div><\/div>

Check if readme.html<\/i> file is accessible via HTTP<\/strong>

As mentioned in the previous test, you should be proud that your site is powered by WordPress, but also hide the exact version you're using. readme.html<\/i> contains WP version info and, if left in the default location (WP root), lets attackers easily find out your WP version.<\/p><\/div><\/div>

Check if response headers contain detailed PHP version info<\/strong>

As with the WordPress version, it's not wise to disclose the exact PHP version you're using because it makes the job of attacking your site much easier. This issue is not directly WP-related, but it definitely affects your site.<\/p><\/div><\/div>

Try getting the list of usernames<\/strong>

Disclosing usernames is not a terrible mistake. Obviously you need both the username and the password to log in, but hiding usernames will prevent hackers from running brute-force attacks on your accounts.<\/p><\/div><\/div>

Check for display of unnecessary information on failed login attempts<\/strong>

By default, on failed login attempts WordPress tells you whether the username or the password is wrong. An attacker can use that to find out which usernames are active on your system and then use brute-force methods to hack the password.<\/p><\/div><\/div>

Check if install.php<\/i> file is accessible via HTTP<\/strong>

There have already been a couple of security issues regarding the install.php<\/i> file. Once you have installed WP this file becomes useless, and there's no reason to keep it in the default location and accessible via HTTP.<\/p><\/div><\/div>

Check if upgrade.php<\/i> file is accessible via HTTP<\/strong>

There have already been a couple of security issues regarding this file. Besides the security issue, it's never a good idea to let people run database upgrade scripts without your knowledge. This is a useful file, but it should not be accessible in the default location.<\/p><\/div><\/div>

Check if uploads<\/i> folder is browsable<\/strong>

Allowing anyone to view all files in the uploads folder just by pointing the browser to it lets them easily download all your uploaded files. It's a security and a copyright issue.<\/p><\/div><\/div>

Check if Windows Live Writer link is present in pages' header<\/strong>

If you're not using Windows Live Writer there's really no valid reason to have its link in the page header, thus telling the whole world you're using WordPress.<\/p><\/div><\/div>

Check if EditURI link is present in pages' header<\/strong>

If you're not using any Really Simple Discovery services such as pingbacks, there's no need to advertise that endpoint (link) in the header. Please note that for most sites this is not a security issue because they \"want to be discovered\", but if you want to hide the fact that you're using WP this is the way to go.<\/p><\/div><\/div>

Check if admin interface is delivered via HTTPS<\/strong>
Enabling WordPress administration over SSL should make it much harder for a malicious person to steal your cookies and\/or authentication headers and use them to impersonate you and gain access to wp-admin. It also makes it harder to sniff your content, which could be important for legal blogs that may have drafts of documents needing strict protection.<\/div><\/div>

Hackers love low hanging fruit<\/h2>\n\n\n\n

If you’re hacking more or less any site you can and don’t have a specific target, it’s obvious you’ll initially target the weakest sites<\/strong> – ones that take almost no effort to hack. All we’re saying is – don’t be in that category! Believe us, it doesn’t take much, because a lot of people have 12345<\/em> set as their password and don’t update WordPress plugins, core, or themes for years.<\/p>\n\n\n\n

We’ve created this free scanner to show you a few things you should check on your site. None of the listed things poses any danger by itself, but they do increase your chances of being hacked because they make you the low-hanging fruit. Just enter your site’s URL and click Scan Site. The scan only takes a few seconds. No, your site won’t slow down, nor will anything bad happen to it. If you want to find out more about the tests, get help on how to fix them, and perform over 40 tests to secure your site, we recommend installing Security Ninja<\/a> – it’s free on the official WordPress repository, and it will help you make your WordPress website more secure.<\/p>\n\n\n


Perform 40+ security tests<\/strong> on your site with 1 click<\/strong> for free and get all WordPress security issues fixed. Install the Security Ninja<\/a> plugin and keep your site safe!<\/p>\n\n<\/div>","protected":false},"author":1,"featured_media":7959,"comment_status":"open","ping_status":"closed","template":"","acf":[],"yoast_head":"\nFree Online WordPress Security Scanner Tool<\/title>\n<meta name=\"description\" content=\"More than 60 thousand WordPress sites get hacked every day! In most cases it's completely avoidable if you follow WordPress security best practices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Free Online WordPress Security Scanner Tool\" \/>\n<meta property=\"og:description\" content=\"More than 60 thousand WordPress sites get hacked every day! 
In most cases it's completely avoidable if you follow WordPress security best practices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/\" \/>\n<meta property=\"og:site_name\" content=\"FirstSiteGuide\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/firstsiteguide\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-04T11:48:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/12\/wordPress-security-scanner.png\" \/>\n\t<meta property=\"og:image:width\" content=\"844\" \/>\n\t<meta property=\"og:image:height\" content=\"430\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/12\/wordPress-security-scanner.png\" \/>\n<meta name=\"twitter:site\" content=\"@firstsiteguide\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/\",\"url\":\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/\",\"name\":\"Free Online WordPress Security Scanner Tool\",\"isPartOf\":{\"@id\":\"https:\/\/firstsiteguide.com\/#website\"},\"datePublished\":\"2020-12-03T16:22:45+00:00\",\"dateModified\":\"2023-10-04T11:48:35+00:00\",\"description\":\"More than 60 thousand WordPress sites get hacked every day! 
In most cases it's completely avoidable if you follow WordPress security best practices.\",\"breadcrumb\":{\"@id\":\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/firstsiteguide.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress Security Scanner\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/firstsiteguide.com\/#website\",\"url\":\"https:\/\/firstsiteguide.com\/\",\"name\":\"FirstSiteGuide\",\"description\":\"Online Business Advice\",\"publisher\":{\"@id\":\"https:\/\/firstsiteguide.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/firstsiteguide.com\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/firstsiteguide.com\/#organization\",\"name\":\"FirstSiteGuide\",\"url\":\"https:\/\/firstsiteguide.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/firstsiteguide.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/11\/fsg-logo-green.svg\",\"contentUrl\":\"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/11\/fsg-logo-green.svg\",\"width\":73,\"height\":70,\"caption\":\"FirstSiteGuide\"},\"image\":{\"@id\":\"https:\/\/firstsiteguide.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/firstsiteguide\",\"https:\/\/twitter.com\/firstsiteguide\",\"https:\/\/www.instagram.com\/firstsiteguide\/\",\"https:\/\/www.linkedin.com\/company\/firstsiteguide\/\",\"https:\/\/www.pinterest.com\/firstsiteguide\/\",\"https:\/\/www.youtube.com\/firstsiteguide\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Free Online WordPress Security Scanner Tool","description":"More than 60 thousand WordPress sites get hacked every day! In most cases it's completely avoidable if you follow WordPress security best practices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/","og_locale":"en_US","og_type":"article","og_title":"Free Online WordPress Security Scanner Tool","og_description":"More than 60 thousand WordPress sites get hacked every day! 
In most cases it's completely avoidable if you follow WordPress security best practices.","og_url":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/","og_site_name":"FirstSiteGuide","article_publisher":"https:\/\/www.facebook.com\/firstsiteguide","article_modified_time":"2023-10-04T11:48:35+00:00","og_image":[{"width":844,"height":430,"url":"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/12\/wordPress-security-scanner.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_image":"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/12\/wordPress-security-scanner.png","twitter_site":"@firstsiteguide","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/","url":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/","name":"Free Online WordPress Security Scanner Tool","isPartOf":{"@id":"https:\/\/firstsiteguide.com\/#website"},"datePublished":"2020-12-03T16:22:45+00:00","dateModified":"2023-10-04T11:48:35+00:00","description":"More than 60 thousand WordPress sites get hacked every day! 
In most cases it's completely avoidable if you follow WordPress security best practices.","breadcrumb":{"@id":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/firstsiteguide.com\/wordpress-security-online-scanner\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/firstsiteguide.com\/"},{"@type":"ListItem","position":2,"name":"WordPress Security Scanner"}]},{"@type":"WebSite","@id":"https:\/\/firstsiteguide.com\/#website","url":"https:\/\/firstsiteguide.com\/","name":"FirstSiteGuide","description":"Online Business Advice","publisher":{"@id":"https:\/\/firstsiteguide.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/firstsiteguide.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/firstsiteguide.com\/#organization","name":"FirstSiteGuide","url":"https:\/\/firstsiteguide.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/firstsiteguide.com\/#\/schema\/logo\/image\/","url":"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/11\/fsg-logo-green.svg","contentUrl":"https:\/\/firstsiteguide.com\/wp-content\/uploads\/2020\/11\/fsg-logo-green.svg","width":73,"height":70,"caption":"FirstSiteGuide"},"image":{"@id":"https:\/\/firstsiteguide.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/firstsiteguide","https:\/\/twitter.com\/firstsiteguide","https:\/\/www.instagram.com\/firstsiteguide\/","https:\/\/www.linkedin.com\/company\/firstsiteguide\/","https:\/\/www.pinterest.com\/firstsiteguide\/","https:\/\/www.youtube.com\/firstsiteguide"]}]}},"_links":{"self":[{"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/tools\/4329"}],"collection":[{"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/tools"}],"about":[{"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/types\/tools"}],"author":[{"embeddable":true,"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/comments?post=4329"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/media\/7959"}],"wp:attachment":[{"href":"https:\/\/firstsiteguide.com\/wp-json\/wp\/v2\/media?parent=4329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}