WordPress – the popular content management system and blogging platform used by over 27 million websites – is by far the preferred choice for website owners and bloggers. According to a recent study conducted by website monitoring service Netcraft, over 12,000 phishing websites that Netcraft had found were hosted on compromised blogs running on WordPress and these amount to a whopping 7% of all the phishing attacks during this period.
The compromised blogs were also responsible for spreading malware and accounted for almost 8% of the total URLs which were blocked by Netcraft.
WordPress has been on the hit-list of attackers for quite some time and the main reason for this could be its high usage and the lack of understanding by newbie bloggers who simply install the application and do not think about its security.
From Netcraft stats it appears WordPress.com – a free blogging platform – was not hosting any of the compromised blogs. Quite surprisingly, all the compromised blogs were webmasters who installed WordPress themselves on their website.
Blogs owners can easily start using the application but it is important users regularly make sure WordPress is up to date and secure; but in many cases users do no pay attention to this. Running an outdated version or using plugins with vulnerabilities are the major causes of blogs being compromised.
Worst of all, many website owners use default or vulnerable login usernames and easy passwords which can be brueforced to get access to their sites.
Ensuring safety of your WordPress site
There are various ways in which attackers can get access to your WordPress site and it is your responsibility to make sure you secure all the possible ways and do not keep any route open.
WordPress also supports two-factor authentication which you can use to further prevent unwanted logins to your site.
If you are new to WordPress then you can refer to our post on getting started with WordPress and securing your WordPress blog which would help you start your own WordPress blog and keep it safe as well.
If you have any difficulties in dealing with WordPress then you can always refer to the posts in our official forums or post a query and we’ll help you with it.