2014-04-10

As one of the most popular and user-friendly open source content management systems, WordPress is used by more and more webmasters. However, security problems have increased as well. These issues often arise without site owners noticing them. Because some readers do not know which mistakes to avoid, we list the top 10 common WordPress security issues in this article.

Ignoring WordPress Updates

Some users forget to update WordPress, so many security problems go unnoticed and unfixed. Updating WordPress fixes some security holes automatically. You'd better update once a week to keep WordPress maintained regularly.

Before updating, back up your site first. Then log in to the dashboard and go to Updates > Update Now to complete the process. Plugins and themes can also be updated under Updates > Update Plugins/Update Themes. If you are still unclear, you can follow our previous guide.
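The same backup-then-update order can be scripted. The following is an added example, not part of the original article: it assumes WP-CLI (`wp`) is installed and the script is run from the WordPress root directory, and the names `backup_site`, `safe_update` and `BACKUP_DIR` are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: back up first, then update core, plugins and themes.
# Assumes WP-CLI ("wp") is installed and the current directory is the
# WordPress root. Function and variable names are illustrative only.

BACKUP_DIR="${BACKUP_DIR:-./wp-backups}"

# Export the database and archive wp-content into a timestamped folder.
# Prints the folder path on success; returns non-zero if any step fails.
backup_site() {
    local stamp dest
    stamp="$(date +%Y%m%d-%H%M%S)"
    dest="$BACKUP_DIR/$stamp"
    mkdir -p "$dest" || return 1
    # WP-CLI status messages go to stderr so stdout carries only the path.
    wp db export "$dest/database.sql" >&2 || return 1
    tar -czf "$dest/wp-content.tar.gz" wp-content || return 1
    echo "$dest"
}

# Update only after a backup exists, and stop at the first failure
# so a half-updated site is noticed immediately.
safe_update() {
    local dest
    dest="$(backup_site)" || {
        echo "backup failed, nothing was updated" >&2
        return 1
    }
    echo "backup stored in $dest" >&2
    wp core update >&2 || return 2       # WordPress core files
    wp core update-db >&2 || return 2    # database schema changes, if any
    wp plugin update --all >&2 || return 3
    wp theme update --all >&2 || return 3
}

# Invoke as: ./safe-update.sh --run
if [ "${1:-}" = "--run" ]; then
    safe_update
fi
```

Keep the backup folder outside the web root, or block web access to it, so the database export cannot be downloaded by visitors.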



Using Unsafe Plugins and Themes

WordPress provides users with numerous plugins and themes, which are easy to install and use. As an open source CMS, WordPress is free to all users. Thus, some hackers can create malicious plugins and themes that threaten your site. In this case, your personal information, data and files can be stolen easily.

WordPress offers many security plugins, and we have listed the top 5 in this tutorial. In addition, you can use an online website security service called WebsiteDefender to detect and fix vulnerabilities efficiently. It is available under Plugins > Add New > Search Results: search for WebsiteDefender first, then install it by clicking “Install Now”.

Keeping “Admin” as the Username

“Admin” is the default username that exists when people first sign up for a WordPress account, and it is easy to remember. It is also easy for hackers to attack. In this case, you need to enter the dashboard and change this username to a more complicated one that is not easy to remember or guess.

Using a Weak Password

To remember their passwords easily, some lazy people set passwords made of simple letters and consecutive numbers, which are easy for hackers to crack. The best way to avoid this is to use a long and complicated password including letters, numbers and special symbols, like “@password2561&”.

Using the Default Favicon

A favicon is an icon, commonly 16×16 pixels. It is displayed in the address bar, next to the URL. Many people use the default favicon, but it looks unprofessional. Thus, you need to design a favicon with the help of some user-friendly tools. Many free favicon generators are available, such as Favicon.cc, GenFavicon, FaviconTool and so on.



Not Backing Up the Website

When the site is attacked by hackers or needs to be updated, the web content can easily be lost without a backup. As a webmaster, you need to back up your site regularly to protect the data and files from loss. You can use some easy-to-use automated plugins, like BackupBuddy, WP S3 backups and Simple WordPress Backup, to back up your site with ease. If you are not familiar with the process, just follow this tutorial with step-by-step guidelines.

Setting Too Many Categories

Dividing the web content into different categories helps you find the files easily. However, too many categories can slow page loading and have a bad effect on SEO. In this situation, you need to classify the files with tags instead of setting up a lot of categories. You can add tags under Posts > Tags.

Forgetting to Install a Caching Plugin

Every query on the site is sent to the database and handled dynamically. When a large number of people visit your site, the database spends a lot of time dealing with those requests. Thus, as more and more visitors access your web pages, the site becomes slow.

In this case, WordPress provides multiple caching plugins to speed up your site by storing a static copy of the web pages. Powerful caching plugins such as WP Super Cache, WP Fast Cache, WP Total Cache and some others are available to users.

Not Setting Up an SEO-Friendly Permalink

A permalink is a URL pointing to a particular page or post that does not change over time. The default permalink is /?p=123, which is not good for SEO because it confuses both search engines and visitors. So you need to set an SEO-friendly permalink under WordPress Dashboard > Settings > Permalink. Note that a good permalink should include keywords related to the page or post.

Not Installing Google Analytics

Google Analytics displays detailed traffic for your website, giving you a comprehensive picture of your visitors. Based on the analysis, you can promote the web pages that are popular with visitors. Pages that get poor traffic, however, need to be optimized. This powerful software can help you a lot with SEO. You can install it by following this guide.
