90% of hacked sites are WordPress sites. But if we put this statistic into perspective, we quickly realise that this represents only 0.005% of WordPress sites in 2020. The reason why so many WordPress websites are being hacked is because WordPress is the most widely used Content Management System in the world. What are the chances of your WordPress site getting hacked? Let’s find out!
How many WordPress sites are hacked each year?
Of course, 90% of hacked sites are WordPress sites. But if we take a little perspective:
- At the end of 2020, there were about 55 billion sites of which 19 billion were WordPress sites (35%) ;
- In 2020, one million of the hacked sites were WordPress sites.
Therefore, only 0.005% of WordPress sites were hacked in 2020. If you have seen alarming information on the Sucuri website, it is normal. This site sells a WordPress security plug-in. So this company has a great interest in scaring you about it! If you adopt some of the best practices we’re going to talk about, your WordPress site is very unlikely to get hacked.
What is the main threat to WordPress sites?
The threat does not come from WordPress, but from the wide range of plug-ins downloaded by WordPress users. While WordPress is constantly updating its environment, it cannot ensure the security of all its plug-ins.
WordPress is an open source ecosystem that relies on third-party developers, and without plug-ins, users cannot extend the platform’s core functionality. Many WordPress developers or website owners have suffered attacks and hacks because of plugin vulnerabilities.
Here are three tips to implement today:
- Remove inactive plug-ins from your WordPress space (otherwise they can be infected in the event of a hacking attempt);
- As soon as a plug-in update is available, run it quickly (this will help to eliminate bugs and improve the security of your WordPress site);
- Look at the rating, comments and forum for the plug-in before downloading it (this way you can ensure that the plug-in is trustworthy and easy to use).
How to protect your website from hacks on WordPress?
To be safe 24/7, you should update the applications and themes you use on WordPress. Also, be sure to remove any plug-ins and templates you are not using.
In addition, check out our guide on how to secure your WordPress site. Finally, choose a reliable web host. Find one that can offer quick fixes, both aesthetically and technically.
At Maras IT, our hosting service aims to provide a concrete and secure response to prevent malicious attacks. We have set up a regular back-up system and five layers of protection:
1. Server side software (Infogerance)
Regarding outsourcing, we use a firewall. The purpose of a firewall is to filter the information that enters and leaves a computer network to protect the data. This protection system limits intrusions from external networks and especially from the Internet.
2. Network (Datacenter OVH / hetzner)
Here we use the OVH network which has its own protection mechanism for IP attacks. Find out more about how OVH protects its customers from major cyber attacks.
3. DNS (Cloudflare name server)
Cloudflare also has its own defence mechanism. In addition, it allows us to trigger the "under attack" mode in order to activate a protection without their intervention.
4. Software on the application side (Security Plugin)
To ensure the security of all the sites we host, we use a secure WordPress plugin. These are usually iThemes or WordFence.
5. Pentest (external penetration test)
Finally, we use Pentest through a White Hat (computer security). This is an ethical security hacker.
In case of a hack, we restore your website with the latest backup, as if nothing had happened!
Would you like to host your website with us? Then discover our three types of Maras IT hosting!