Is Wordpress Vulnerable In Terms of Security/Hacking?

Always keep your blog up to date.

Check every theme/plugin you are using, when not sure if it is okay, by downloading to your own computer, unpack, virus check, ...

I am using different WP plugins and some .htaccess magic - my own creation ;-) ...

It works out for me, I am blocking people that are trying the password recovery/login immediately.

There are a few things you MUST know before installing and securing a WP blog.

Hit me up on skype if you need more informations.

By the way...

I did a research on WP exploits/hacking some months ago... so I guess I could tell you a lot about this bad bad stuff ;-)

There are some security plugins for Wordpress. You may want to check them out.

Because it's so popular, WordPress is a target for hackers - just as Internet Explorer (and MS Operating systems) are. However, the WordPress team are extremely diligent on security and any loopholes that are discovered are addressed immediately.

That only affects the WordPress core, though, and you have your themes and plugins to consider as these are developed by third parties.

Clearly the smartest move is to make sure your versions (WordPress, plugins and themes) are always at the current (i.e. latest) level.

Here are some things you can do as a non-techie, which are easy:

Make sure your user name isn't 'admin'. If it is (or there's a user on your site with that username) set up a new one with administrator rights but a different username, check that it works and then delete the user 'admin'. You can use letters, numbers, some symbols, spaces and different cases for your user name, as you can for your password.

Be sure to change your nickname, so that your username isn't displayed publicly

Check your own computer for viruses or malware and keep it clean.

Use SFTP instead of FTP to transfer files between your computer and server.

Always keep a full site backup of the latest version of your site.

If you have more than one user with administrator rights on your site make sure you know who they are and that you trust them implicitly. If someone needs admin access to your site (to fix a problem, for example) do not give them your login details. Create a new admin user for them and delete it immediately after they've done what they needed to do.

If your site is hacked be sure to change not only your WordPress login details once it's restored, but also your cPanel (or hosting provider) and FTP login details as well.

There are other things you can do that are a bit more techie, but for a non-techie person those steps above will help.

Cheers,

Martin.

Wordpress cores are regularly update to prevent any risk of hacks. Many fortune big sites also use Wordpress. Some reasons that take Wordpress based sites to fall into security vulnerability are from the third party conditions. Hosting in a share server which host other sites that have security loophole is also a mess. Have strong username and password and change it regularly could also help. Check and change Wordpress directories and files permissions are good. Protect brute force attack by either permit login attempt, change login url to custom one other than default urls, password protected admin directory, or even allow only specific IP to access the login page are great. Always do backups as often as possible is a good practice. Follow the latest versions of themes and plugins to make sure the compartibility and secure. Scan or check all files for malicious codes before uploading to the site server. Deactivate and delete the themes and plugins that are no longer use. Use third parties service to protect from fraud and hackers if doable. There many other methods to prevent Wordpress based sites from being hack.

There is some basic rules to follow in order to keep your WP website out of hackers reach:

1. Hackers proof hosting, WP is popular so already many hosts claim to be WP friendly BUT only few of them a hacker proof when it comes to their reseller packages
2. Keep your WP version and plugins and themes up to date. Usually people overlook the themes updates this summers timthumb vulnerability where thousands os WP website got screwed over a js backdoor.
3. Use WP plugins that alert in any change of your WP core files code.
4. Use WP admin username different than admin
5. When installing WP give database a different prefix than the usual one "WP"
6. Check out your website once in a while for any suspicious activity

If you have a high traffic website that generates revenue then I advise to subscribe with a premium WP hack proof service, it will save you money and time down the road.

1.Hackproof hosting
2.Keep your WP version and plugins and themes up to date3.Delete all unused plugins and themes.
4.Download themes or plugins from trusted sites or from wordpress.org
5.Remove all spam comments regularly.
6. Check out your cpanel of your website once in a while if possible.

wordpress is more secure than any other cms ,like joomla.
keep your version of wordpress & plugins up to date.

more important: always take a backup so in worst case you can sve your data and put it online again.

I use Better WP Security that makes my blog as secure as a bank and BackWPup to regularly backup my site to my dropbox account in case something goes wrong.

Worst case scenario I lose few days worth of stuff, but I don't update my site that often anyway.

Both plugins are free too.

Everything is hackable, there is no "hack proof hosting provider", there is nothing 100% secure.

Personally I am using Wordfence, some .htaccess rules, a backup solution for Wordpress (daily backups of db and all files, like backupbuddy or similar).

Never use the standard values when installing Wordpress. Do not use admin as username, use a username that is hard to guess. Do not use wp_ as database prefix.

Make sure WP and plugins/themes are ALWAYS up to date (most people just ignore this) and do not use plugins/themes from unreliable sources.

Even files on wordpress.org can be infected with malicious code... if you are unsure about plugins/themes ask other people that are using these.

Here is a list of known WP exploits:

http://wordpressexploit.com/

Nice Thanks For The Link