WordPress Security: 2015 in Review

Anoth­er day, anoth­er year and 2015 is draw­ing to a close. It’s been an inter­est­ing year with Don­ald Trump mak­ing waves in the pres­i­den­tial elec­tions, and fin­ish­ing off with Steve Har­vey crown­ing the wrong Miss Uni­verse! 2015 is a year to remem­ber. In the midst of the hol­i­day cheer, it’s also the time to reflect back on the past year to learn and grow from our mis­takes.

By mis­takes, we mean laps­es in your Word­Press secu­ri­ty — not on how you need to start hit­ting gym! With Word­Press attacks on the rise, it’s more impor­tant than ever to keep your site safe and beware of some com­mon pit­falls. Only last month, data secu­ri­ty firm Imper­va con­firmed in their WAAR Report 2015 that Word­Press has been the vic­tim 3.5 times more than oth­er Con­tent Man­age­ment Sys­tems.

Word­Fence has released the results of their first annu­al Word­Press Secu­ri­ty Sur­vey. A large sam­ple of 7,375 Word­Press users took part in the sur­vey reveal­ing data of secu­ri­ty behav­iour of Word­Press users, from those with lit­tle to no expe­ri­ence to total experts.

Of the respon­dents, 38.9% admit­ted to being a vic­tim of a Word­Press attack in the past year. It appears that a major­i­ty of the vic­tims were not proac­tive­ly scan­ning their site for virus­es but rather stum­bled upon it. Over 35% of the sam­ple said that they were alert­ed to their site being com­pro­mised while vis­it­ing their site. Around 27% said that their host­ing provider took their site offline and 26% were con­tact­ed by a cus­tomer.

Although more than half of Word­Press users find their income great­ly affect­ed when their site goes com­pro­mised, it appears from the sur­vey results that expert users were far more con­cerned about site secu­ri­ty than advanced and inter­me­di­ate users.

Plu­g­ins often make it to the news for cre­at­ing vul­ner­a­bil­i­ties in the site’s defense sys­tem, yet inter­est­ing­ly the sur­vey found that the most used plu­g­in type installed was a secu­ri­ty plu­g­in. It was close­ly fol­lowed by con­tact form, SEO and anti-spam plu­g­ins.

As a site own­er, it’s your respon­si­bil­i­ty to keep your site well pro­tect­ed. Use these 4 sim­ple ways to pro­tect your site from ever get­ting com­pro­mised.

Mer­ry Christ­mas and a Hap­py New Year from every­body at WPSOS! See you next year ;)