WordPress Security: 2015 in Review

Another day, another year and 2015 is drawing to a close. It’s been an interesting year with Donald Trump making waves in the presidential elections, and finishing off with Steve Harvey crowning the wrong Miss Universe! 2015 is a year to remember. In the midst of the holiday cheer, it’s also the time to reflect back on the past year to learn and grow from our mistakes.

By mistakes, we mean lapses in your WordPress security — not on how you need to start hitting gym! With WordPress attacks on the rise, it’s more important than ever to keep your site safe and beware of some common pitfalls. Only last month, data security firm Imperva confirmed in their WAAR Report 2015 that WordPress has been the victim 3.5 times more than other Content Management Systems.

WordFence has released the results of their first annual WordPress Security Survey. A large sample of 7,375 WordPress users took part in the survey revealing data of security behaviour of WordPress users, from those with little to no experience to total experts.

Of the respondents, 38.9% admitted to being a victim of a WordPress attack in the past year. It appears that a majority of the victims were not proactively scanning their site for viruses but rather stumbled upon it. Over 35% of the sample said that they were alerted to their site being compromised while visiting their site. Around 27% said that their hosting provider took their site offline and 26% were contacted by a customer.

Although more than half of WordPress users find their income greatly affected when their site goes compromised, it appears from the survey results that expert users were far more concerned about site security than advanced and intermediate users.

Plugins often make it to the news for creating vulnerabilities in the site’s defense system, yet interestingly the survey found that the most used plugin type installed was a security plugin. It was closely followed by contact form, SEO and anti-spam plugins.

As a site owner, it’s your responsibility to keep your site well protected. Use these 4 simple ways to protect your site from ever getting compromised.

Merry Christmas and a Happy New Year from everybody at WPSOS! See you next year ;)