Over 74.6 million websites run on WordPress. Around 50% of these are self-hosted WordPress.org installations. In the realm of self-hosted sites, WordPress accounts for close to 20% of all websites. Notably, thousands of WordPress sites are vulnerable to attacks and get hacked each day.
Here is the thing…
If your WordPress site gets hacked, you may lose your data, it can cost you lots of money, or worse, the attackers may use your WordPress site to target your visitors. And what happens to hacked websites? They get blacklisted by search engines.
Attackers use bots that automatically scan the web for weak websites and hack into them within seconds. This means that if your website is weak, it’ll be only a matter of time before you run into trouble.
How WordPress Sites Get Hacked
WordPress websites get hacked because of the following reasons:
Weak Passwords – If you are using a weak login password for wp-admin, your WordPress site will be vulnerable to attacks.
Vulnerable Themes – Weak themes expose WordPress websites to attacks. Outdated themes also weaken WordPress sites.
Vulnerable Plugins – One study revealed that almost 98% of WordPress blogs were easily exploited because they were running outdated versions of the software, or outdated plugins. Here is a list of the 50 most attacked WordPress plugins in 2017, compiled by Anil Parmar.
Web Hosting – Cheap is expensive. Cheaper web hosting tends to increase the vulnerability of a WordPress website to attacks.
No site is safe. Every website is prone to attacks. But how do you prevent your WordPress websites from being hacked? Here is how. Let me introduce you to Security Ninja.
Protect Your WordPress Site Using Security Ninja
Security Ninja is a security WordPress plugin that helps discover any vulnerability or weaknesses in your WordPress website.
It scans your website within a minute and points out where the security problems are. And what makes it even more powerful is its ability to tell you how to fix these problems.
I have been using WordPress for so long and I’ve built a number of WordPress websites which, by the way, I have been enjoying all through. But just like other WordPress website owners, I get worried about the security of these websites. I have learnt that WordPress websites become vulnerable to attacks if you are using old themes, outdated plugins and out-of-date WordPress software. Here are some of the WordPress plugins that are very dangerous and vulnerable to attacks, and that I believe you should avoid by all means possible.
I know you are beginning to think that the WordPress team is doing nothing about it. No. Don’t get me wrong. The WordPress team is doing its best to keep the backend really tight. Still, you need to take a few extra precautions on your side.
For me, the best way to take extra precautions is to use Security Ninja. It has been around for over 7 years and they have been providing updates to counter the constantly changing security threats.
How Does It Work?
To use the Security Ninja plugin, all you have to do is download it, install it and activate it on your WordPress website.
Next, hit the ‘run tests’ button; the scan will last for one minute or even less. Security Ninja will check your website for over 50 potential threats.
The tests include:
- Brute-force attack on user accounts to test password strength
- Numerous installation parameters tests
- File permissions
- Version hiding
- 0-day exploits tests
- Debug and auto-update modes tests
- Database configuration tests
- Apache and PHP related tests
- WP options tests
More tests come with every update. And this makes Security Ninja the best WordPress security plugin.
Here is the complete list of tests:
- Check if WordPress core is up to date
- Check if automatic WordPress core updates are enabled
- Check if plugins are up to date
- Check if there are deactivated plugins
- Check if active plugins have been updated in the last 12 months
- Check if active plugins are compatible with your version of WP
- Check if themes are up to date
- Check if there are any deactivated themes
- Check if full WordPress version info is revealed in page’s meta data
- Check if readme.html file is accessible via HTTP on the default location
- Check the PHP version
- Check the MySQL version
- Check if server response headers contain detailed PHP version info
- Check if expose_php PHP directive is turned off
- Check if user with username “admin” and administrator privileges exists
- Check if “anyone can register” option is enabled
- Check user’s password strength with a brute-force attack
- Check for display of unnecessary information on failed login attempts
- Check if database table prefix is the default one
- Check if security keys and salts have proper values
- Check the age of security keys and salts
- Test the strength of WordPress database password
- Check if general debug mode is enabled
- Check if database debug mode is enabled
- Check if display_errors PHP directive is turned off
- Check if WordPress installation address is the same as the site address
- Check if wp-config.php file has the right permissions (chmod) set
- Check if install.php file is accessible via HTTP on the default location
- Check if upgrade.php file is accessible via HTTP on the default location
- Check if register_globals PHP directive is turned off
- Check if PHP safe mode is disabled
- Check if allow_url_include PHP directive is turned off
- Check if plugins/themes file editor is enabled
- Check if uploads folder is browsable by browsers
- Test if user with ID “1” and administrator role exists
- Check if Windows Live Writer link is present in pages’ header data
- Check if wp-config.php is present on the default location
- Check if MySQL server is connectable from outside with the WP user
…and so much more.
Once the plugin has discovered the issues and holes that may make your website vulnerable to attacks, it will show you how to fix the problems. One by one.
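Several of the checks in the list above (debug mode, the plugin/theme file editor, the default table prefix, security keys and salts, wp-config.php permissions) can be reproduced by hand against a wp-config.php file. The Python sketch below is an added example, not Security Ninja's code; the finding names, the 32-character minimum key length and the world-access permission rule are assumptions, and both sample configs are constructed.

```python
import re

SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_KEY_LEN = 32                             # assumed threshold
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

def strip_comments(php):
    """Drop comments that start a line, so commented-out defines are ignored."""
    php = re.sub(r"^\s*/\*.*?\*/", "", php, flags=re.S | re.M)
    return re.sub(r"^\s*(//|#).*$", "", php, flags=re.M)

def audit_wp_config(php, file_mode=None):
    """Return finding names (hypothetical labels) for a wp-config.php text."""
    php = strip_comments(php)
    consts = {name: (bare.lower() if bare else sq or dq)
              for name, sq, dq, bare in DEFINE_RE.findall(php)}
    findings = []
    if consts.get("WP_DEBUG") in ("true", "1"):
        findings.append("debug-mode-enabled")
    if consts.get("DISALLOW_FILE_EDIT") not in ("true", "1"):
        findings.append("file-editor-enabled")
    prefix = PREFIX_RE.search(php)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default-table-prefix")
    weak = [k for k in SALT_KEYS
            if consts.get(k, PLACEHOLDER) == PLACEHOLDER
            or len(consts[k]) < MIN_KEY_LEN]
    if weak:
        findings.append("weak-keys-or-salts:" + ",".join(weak))
    if file_mode is not None and file_mode & 0o007:
        findings.append("config-world-accessible")
    return findings

# Constructed sample inputs, not taken from any real site.
WEAK = """<?php
define( 'WP_DEBUG', true );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
"""
HARDENED = ("<?php\ndefine('WP_DEBUG', false);\ndefine('DISALLOW_FILE_EDIT', true);\n"
            + "".join("define('%s', '%s');\n" % (k, "Zq7" * 22) for k in SALT_KEYS)
            + "$table_prefix = 'site7_';\n")
if __name__ == "__main__":
    print(audit_wp_config(WEAK, 0o644), audit_wp_config(HARDENED, 0o600))
```

On a real server, pass the file's text and `os.stat(path).st_mode & 0o777` as `file_mode`.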
Security Ninja Pro
Security Ninja also has a Pro Version which has six additional modules:
Allows you to stop bad guys before they even get to your site by banning bad IPs collected from millions of attacked websites. You can also protect your login forms from brute-force attacks by banning visitors who fail to login after several attempts within a given time frame.
Scans the WP core files with one click and quickly identifies the problematic files.
This module keeps all custom WordPress files in check. From themes to plugins.
If you don’t like creating backups and editing files or messing with the code, Auto Fixer is the perfect module for you. It does all that with just one click without getting your hands dirty.
This module optimizes your site for speed. Adding content to your site leads to garbage accumulation in your database which may slow down your site and take up your disk space.
This module allows you to know everything about your site. It monitors over 50 events within your site and then reports back to you.
These modules provide an all-in-one security solution for just about any site. Also, premium users get to enjoy premium support and continuous updates. Security Ninja Pro is a perfect tool to keep your WordPress site safe.
The cheapest Pro package goes for $29 and works only on one site. You will get all the Pro Modules, 1 year of updates and 1 year of premium support in case of anything.
The $79 multi site Pro package can be used on 99 websites.
The top Pro package (Agency Lifetime) costs $199 and it can be used on 99 websites – yours and clients’. This package is best for web developers and web designers.
See what Pro Version offers.
Security Ninja is the best WordPress Security plugin that will help you point out the holes in your site. Just as I had said, it will also tell you how to fix the issues. And as a website owner or a developer, it is important that you regularly check your site’s vulnerability. Always take extra precautions towards your site’s security with Security Ninja plugin. Download a free version and join over 20,000 other users.
Well, that’s it.
Do you use Security Ninja? What’s your experience with the plugin? Please do share with us on the comments section. I’ll be glad to respond to your comments.