How are WordPress installs getting hacked?

Posted on | updated:
Managed WordPress Service

Our friends at WordFence wrote an article today about a survey they recently ran showing that over 55% of all WordPress hacks are through plugins and more than 15% are from Brute Force attacks.

Credit: WordFence article

The Managed WordPress Service by Matraex is a diligent oversight of your WordPress installation.  We provide constant monitoring with weekly in depth review keeping your sight up to date.

Out of Date Plugins

To deal with out of date or insecure plugins we have some rather simple solutios

  1. Update or replace with an updated secure plugin
  2. Rebuild the plugin
  3. or when neither of those are an option, plug known holes, and backup regularly.

Brute Force

To deal with the plethora of Brute Force login attempts we

  1. Block all IP addresses that attempt to login with an invalid username
  2. Block all IP addresses if they make 2 failed login attempts

We consider anything less to be a security hole,   we even built a WordPress Website Check tool identify whether a site is vulnerable to brute force attempts.

 

Find out more about our Managed WordPress Service.