CyberScanner is an online, cloud-based website vulnerability scanner capable of comprehensively analysing your WordPress website for thousands of known vulnerabilities and exploits. If successfully exploited by hackers, these vulnerabilities can lead to data breaches and malicious content being injected onto your site, and may result in ICO fines under the new GDPR regulations.
Recent studies show that approximately 70% of all WordPress websites are vulnerable to hackers. This is mainly down to WordPress' accessibility as an open source platform (which is also one of its strengths), and its ever-growing popularity.
WordPress is used as a CMS (content management system) by around 29% of actively used websites currently online, making it the most popular platform available. It's also estimated that each WordPress site has, on average:
- 25.2 installed plugins
- 18.3 active plugins
- 17.6 active plugins with more than 200 lines of code
In total, it's estimated that there are 440 million active WordPress plugins. Out-of-date or insecure third-party plugins can be exploited by hackers.
How WordPress websites get hacked
Hackers have automated bots that actively scan the internet for websites that are hackable or can be exploited. The more your brand and business grow online, the more likely these bots are to find you.
According to The Hacker News, the most common WordPress vulnerabilities are shown in the chart.
How can I keep my WordPress site secure?
In addition to actively scanning and monitoring your WordPress website security for vulnerabilities and exploits, there are nine best practices you should maintain on your site. These are:
- Delete the "admin" user, and only use custom usernames.
- Ensure that you keep your version of WordPress updated.
- Make sure you keep your plugins and themes updated, deleting unnecessary and inactive themes and plugins.
- Force HTTPS across all areas of the WordPress site.
- Ensure every user has a "strong" password.
- Enable two-step authentication for admins, or any user with the ability to edit or publish on the site.
- Make sure you're using a secure hosting company.
- Use a WAF (Web Application Firewall).
- Generate complex security keys for the wp-config.php file.
How CyberScanner helps you secure your WordPress site from hackers
Our cloud-based scanner performs thousands of passive and semi-penetrative tests on your WordPress site, theme, plugins, and your hosting environment.
A WordPress hack usually starts with the hacker identifying which version of WordPress is running, and then looking through the theme and plugin files for outdated versions or exploits. The hacker will then compare the data they find against a number of publicly available exploit lists, hoping they get a match.
These hacks can be avoided by routinely scanning your WordPress installation, identifying vulnerabilities and then resolving them.
CyberScanner runs over 10,500 vulnerability checks against WordPress platforms alone, plus many more on a weekly basis, allowing you to fix the issues before hackers find them.