
HANDS ON WORDPRESS

Making a Living with WordPress


WordPress Security – The Mind of a Hacker

sandibatik · May 9, 2011

Austin WordPress Meetup Notes — 5/9/11


This month’s Hands On WordPress meeting focused on WordPress security. Nick Batik explained that the good news is that WordPress is the most commonly used platform for websites on the web – 14% of all sites, and nearly 55% of those sites that use a Content Management System. He noted that it is also the bad news, because big targets attract hackers. Nick demonstrated some known types of WordPress vulnerabilities. He walked us through the mind and methods of a hacker and the most common mistakes WordPress users make when installing and maintaining a WordPress site, and then demonstrated a series of easy, common-sense steps to make your WordPress site safe and secure. It’s not hard, and it’s not scary once you know how. The meeting closed with a #WPATX member Q&A. Nick has posted the responses to those FAQs in a series of short blog posts both here and on the Austin WordPress Meetup site, wpaustin.com.

WordPress Security FAQs

Why would someone hack my WordPress site, I don’t even have a lot of visitors yet?

A basic tenet of WordPress Security is that these individuals are not targeting your WordPress website – your site is just one of thousands they probe for vulnerabilities. You need to understand that in the mindset of a hacker, this is strictly a numbers game, and some day your site’s URL number just comes up — it is not personal.

In WPATX meet-ups I have demonstrated some of the ways a hacker finds vulnerabilities in WordPress websites. I will not include that information here because all I want to do is illustrate that no one is immune, and every WordPress site can have a vulnerability — not teach you or others how to hack.

Most often hacking is a crime of opportunity – like an open gate or unlocked car door. In general the hacking process involves three steps:

  1. Find a point of entry
  2. Compare the website / server information to known vulnerabilities
  3. Have fun

The hacker doesn’t even have to know what he or she is doing. There are many programs that can be found on hacker sites that go through this process automatically. These are popular with novice, juvenile, or dilettante hackers. Because they often don’t require any sophisticated understanding to operate, the people who use them are held in very low regard by the “real” hacker community, and are referred to by the derogatory term “script kiddies.” That does not mean that a persistent Script Kiddie can’t do some very real damage to your WordPress website.

To learn more about common entry points for hackers, see Nick Batik’s answers to other WordPress Security FAQs:

  • WordPress Security — How to Prevent Directory Browsing
  • WordPress Security – How to Prevent Brute Force Attacks
  • WordPress Security – Locking Down Your Site
  • WordPress Security – Backing-Up Your Site

 

Filed Under: WordPress Tagged With: Austin WordPress Meetup, Best Practices, WordPress Security

Copyright © 2010-2023 Hands On WordPress · All Rights Reserved