Hi for this week of the blogging challenge I’m going to talk about WordPress vulnerability’s and how you can protect yourself from them. Surprisingly there are tons of different vulnerability’s in WordPress and they come in all shapes and sizes the first one I’m going to talk about in this blog post are vulnerable themes. After researching the majority of vulnerability’s were xxs (cross site scripting) or sql injection (code injection technique) in case you want to know more about these exploits I will link two helpful articles sql injection xxs. Now some ways you can protect against these attacks the easiest and really the only way is to just download a theme that isn’t vulnerable. But how can you do that you ask well there are a few different ways but I would recommend just doing research for example if you are not sure just put the name of the theme into this database and if it’s vulnerable it should pop up for example here a photo of me searching up the theme I’m using right now
For the next vulnerability I’m going to talk about one of the most simple yet where the majority of people screw up which is your password fun fact did you know in a recent study the uk national cyber security centre found that 23.2 million people had the password 123456 (you can find that here)so if that’s your password you should probably change it. Even though that password seems as though it would be easily hacked even more complex passwords can be hacked relatively easily using a technique called a brute force attack more specifically a dictionary attack. What is a dictionary attack you ask well a dictionary attack is a form of brute force attack where whatever tool you are using takes a list of anywhere from 100 to 11000000 passwords (the dictionary) and it tests too see if any of them match with your password the reason this is so effective when it comes to cracking passwords is the fact that most dictionary’s contain password from hacks for example you can download a dictionary that contains every password leaked in the Ashley Madison hack from August of 2015 which if I’m not mistaken was multiple million. In my opinion the reason that is so important is because just like me from a few months ago the majority of peoples passwords follow this formula some significant name or thing with some letters swapped out for numbers and maybe an exclamation point at the end just to top it off. for example I took the most popular male dog name which is Charlie and did exactly what I just said to it I think it would look something like this Ch4rl13!. Now doesn’t that look secure to most people it probably does but thinking about it if you have a password like that there is a significant chance that someone else has the same password as you. So how do you protect against these attacks and try to make your account more secure first of all I would recommend making you password a combination of random characters for example +6^5yFcPKtfcL=56~5_ the reason I say that is because a password like that is almost impossible to guess and the chances of someone else having the same password are around 1 in 2 Billion. The only issue with this type of password is it’s super hard to remember so what I would recommend is if there’s nobody in your house that may try to steal your password to just write it down on a sticky note and put it somewhere you won’t lose it if you can’t do that what I would recommend is to use a secure password storage program for example personally I use last pass because it’s secure and it’s easy to use. One more thing I like about last pass is it also generates passwords so you don’t have to come up with them yourself.
in conclusion there are ways people can hack your wordpress blogs but there also ways you can protect against them. That being said I’m not guaranteeing that by following my tips your blog will be hack proof so just stay safe and have fun blogging.