Brilliant Little Business

WordPress Security Breaches Rife

WordPress security breaches rife - stated the article. That got me thinking, is that a true fact or just scaremongering?

Fetch me my soapbox (I've heard the phrase a thousand times but don't really know where it came from and anyone under a certain age will probably have no idea what I mean, but read on and you will) - I need to spout on about a pet subject.


If it is scaremongering and somebody pays attention I'm delighted because most people simply assume it won't happen to them - an online security breach I mean.

SIDENOTE The upcoming Data Protection laws will do nothing to protect you. They will be just another layer of bureaucracy, another tick box exercise that won't result in your data being any safer. The Data Protection Act 1998 is nigh on 20 years old and during that period your personal information has been left on public transport, given out free with pizzas and distributed by the NHS. Here's a list of some of the biggest breaches in the recent past.

OK, a little latitude taken there but the point is no law will prevent the theft of data. It may help by making some organisations tighten up their security but it's not miraculously going to make the culprits realise their efforts are futile!

If you do anything online (and if you don't you won't be reading this anyway!) you are at risk.

Got an email address? Of course you have. There's a very high possibility it has been compromised at some point through no fault of your own. Large organisations are regularly targeted and email addresses, usernames and passwords at a minimum are taken and released. Don't believe me? Put your email address into this site Have I Been Pwned and see for yourself - good luck. I tried 4 of my addresses and 3 have been compromised - that's scary!


If you use simple passwords, and use the same one on many sites, you are at serious risk. I can't begin to tell you how many times I've told clients they must use complex passwords. The stock reply is "I have so many to remember I have to use the same one or I'll never be able to login anywhere".

The problem gets bigger every day as more and more services require you to have online access, which is even more reason to use different passwords: if your credentials are stolen, EVERY site you have access to is at risk. These guys have seriously clever programs that trawl the internet finding popular sites and use your credentials to try to log in.

If you take nothing more from this article please start using a Password Manager such as Dashlane or Roboform - it makes your life easier (no more passwords to remember - simple login) and more importantly you can use really complex passwords, different for every site and thus minimise the risk if your data is lifted from a site somewhere.

And don't think phishing is restricted to crass "obvious" emails. Many are but more and more look totally genuine. You could unwittingly give away your prized possessions.


Back to the subject title - WordPress security breaches rife

If you want the detailed stats, I'm not your man, I can't tell you the figures and that's not my purpose anyway.

I want you to be aware that although WordPress sites are at risk, I personally doubt a hacker cares what platform you're on. If there's a way in they'll take it.

It's a little akin to a burglar - he or she might have a target property in mind but if they saw a door or window open/unlocked on the way they are likely to stop by!

The issue with WordPress is that it is so easy to use and build a site with, yet many users are unaware of the risks of using weak login passwords; not updating plugins, themes and core files; leaving old unsupported plugins on the site; and generally leaving the site to its own devices.

Due to its popularity and those failings on the part of site owners, it is clear that there is some substance to the claim "WordPress security breaches rife". If you have a WordPress site that you need help maintaining and keeping secure I'd love to help.

Now, if you run a simple WordPress blog where you just write about your favourite subject, have no other users set up, no guest bloggers and do not collect any information from other people (i.e. no email addresses, payment information or other data) you could be forgiven (well actually I won't forgive you!) for thinking that your site is of no interest to a hacker.


The reality is hackers want to access ANY site so they can use it to host their own malicious code or to launch other attacks elsewhere. You can read a great article on this subject here. In particular a clean site, not already flagged by Google as "suspect", is even more appealing. Have you noticed crooks don't wear stripy jumpers and carry bags with Swag written on them anymore?

As a minimum you MUST put security in place. I bet you don't leave the doors and windows of your home unlocked or open when nobody is home. Why do that with your website? The spoils could be just as great.

There's no excuse: Wordfence (for WordPress) is a great security plugin, even in its free version, and will go a long way towards weakening the claim that WordPress security breaches are rife.


It won't do everything - that requires you being vigilant and keeping your site fully updated.

Check regularly for any updates required: at least every week but preferably daily. And PLEASE make sure you're using a strong password and that your user name isn't "admin". If it is, create a new user for yourself and change it NOW.

And finally, make sure you back up your site regularly. If you are compromised you'll want to know you can restore a clean version and that you haven't lost all your hard work on your site.
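
The routine from the last few paragraphs (pending updates, no "admin" login, regular backups) as a script, added here as an example and not part of the original post. It assumes WP-CLI is installed as `wp`; the function names and the two paths are hypothetical.

```bash
#!/bin/sh
# Added example: routine WordPress hygiene check built on WP-CLI.
# Assumption: the `wp` command (WP-CLI) is installed and on PATH.

# Print one finding per line for the WordPress install at $1.
# No output means nothing was found.
wp_hygiene_check() {
  site="$1"

  # Plugins and themes with updates waiting to be applied.
  for kind in plugin theme; do
    for name in $(wp "$kind" list --path="$site" --update=available --field=name); do
      echo "UPDATE $kind $name"
    done
  done

  # The post's advice: no account should have the login "admin".
  if wp user list --path="$site" --field=user_login | grep -qx 'admin'; then
    echo "USERNAME admin account exists: create a new administrator and remove it"
  fi
}

# Export the database of the install at $1 to a dated file in directory $2
# and print the file's path.
# Database only: themes, plugins and uploads under wp-content need a file copy too.
wp_backup_db() {
  site="$1"
  dest="$2"
  file="$dest/wp-db-$(date +%Y%m%d-%H%M%S).sql"
  wp db export "$file" --path="$site" >/dev/null && echo "$file"
}

# Run as: ./wp-check.sh /path/to/wordpress /path/to/backups
if [ "$#" -eq 2 ]; then
  wp_hygiene_check "$1"
  wp_backup_db "$1" "$2"
fi
```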


Inspiration for this post - Wordfence Security Plugin

Photos by NeONBRAND, Isaiah McClean, Milkovi & Bui Bao on Unsplash