Do you run a WordPress website and wonder how it might get hacked? Or worse, your website has already been hacked, you somehow restored it from the backups you had, and now you want to know the prevention techniques. Before looking at the prevention measures, you must understand how the hacking is done in the first place.
Here is a short video showing how the vulnerability gets exploited.
As you can see in the video, the wpscan tool first retrieves important information about the WordPress installation, such as its version and the plugins and themes in use, as well as other details like the Apache version. Once the hacker has this information and has enumerated the users present in the WordPress installation, the next step is to brute-force the login using common and weak passwords. With the master password in hand, it is very easy for the hacker to log in, edit or delete content, and deface the website. If the server is also vulnerable, there is a chance of getting commands executed at the operating system level to wipe out the files.
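The enumeration and password-guessing steps described above leave a recognisable trail in the web server's access log. The following Python detector is an added example, not from the original post or from wpscan; the URL patterns, the thresholds and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: author archives and the REST users route are the user-listing URLs watched.
ENUM_RE = re.compile(r"[?&]author=\d+|/wp-json/wp/v2/users")

def _line(ip, method, path, status):
    """Build one constructed combined-log-format line."""
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={n}", 301) for n in (1, 2, 3)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 5
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "POST", "/wp-login.php", 200),   # one mistyped password
       _line("198.51.100.20", "POST", "/wp-login.php", 302),
       _line("192.0.2.50", "GET", "/wp-json/wp/v2/users", 200)]
)

def analyse(log_text, enum_threshold=3, fail_threshold=5):
    """Return {ip: [findings]} for enumeration and password-guessing patterns."""
    enum, fails, findings = defaultdict(int), defaultdict(int), defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # ignore lines that are not in combined log format
        ip, method, path, status = m.groups()
        if method == "GET" and ENUM_RE.search(path):
            enum[ip] += 1
            if enum[ip] == enum_threshold:
                findings[ip].append("user-enumeration")
        elif method == "POST" and path.startswith("/wp-login.php"):
            if status == "200":  # WordPress re-renders the form on a failed login
                fails[ip] += 1
                if fails[ip] == fail_threshold:
                    findings[ip].append("password-guessing")
            elif status == "302" and fails[ip] >= fail_threshold:
                # a redirect after many failures suggests a guessed password
                findings[ip].append("login-success-after-failures")
    return dict(findings)

if __name__ == "__main__":
    for ip, found in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

An address flagged with login-success-after-failures is the one to act on first: reset that account's password and review what was changed after the login.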
To summarise, these are the main reasons a WordPress website hack might affect you:
You are running an outdated version of WordPress
The plugins and themes that you are using are outdated
Your hosting provider or your server has a vulnerable server configuration, i.e. server hardening has not been done
Your users are not using strong passwords
You do not take backups of your website
What can you do to stop it?
There are very simple yet powerful steps that you can take in little time:
Update WordPress to the latest stable version as soon as a new version is released
Update dependent plugins and themes when the updates are available
Most importantly, take regular backups of your site and the database
Install a WP security plugin
Change the default administrator username from admin to something else
Have a strong password policy for your user accounts
The administrator's password should be strong, with one or two special characters and a combination of upper- and lowercase letters along with some numbers.