WordPress is one of the most highly rated CMSs currently in use throughout the world because of its easy-to-use backend. Any non-technical user can install the themes they like and add plugins to increase the site's functionality.
Because the CMS is easy to use, users make some common mistakes in WordPress that need to be avoided, or else they can lead to large-scale vulnerabilities.
1) Default admin URL:
When you install WordPress, it comes with a default URL structure for accessing the admin side. This means the page is easily accessible to any user who knows this admin name. This has become one of the most crucial points in the hacking of WordPress-based websites. Change the admin name to one of your choosing so that others can't access the admin easily.
2) Login Credentials:
With the admin account, developers commonly make the mistake of assigning the world-famous username admin together with the second most famous password, admin/123456. This has given phishers and attackers another way to hack the site easily. Always generate strong, solid passwords and choose a username that hackers can't easily guess.
3) Installing Unnecessary Plugins:
Developers tend to install plugins during development and then not remove them from the admin after the site is live. An unnecessary collection of plugins can reduce the speed of the website by a considerable amount, and a non-technical client might even get confused. Always keep only the files, images and plugins that are used in the website and remove everything unwanted. This way the website will run faster and the admin will look neat and be nice to use.
4) Not changing the default WordPress prefix for tables, wp_:
Another reason sites get injected is the use of the default prefix that comes with the tables. Always try to change the wp_ prefix to a prefix of your own liking. This stops hackers from using the common prefix to attack the tables.
5) Not taking regular backups:
Always make a habit of taking backups on a regular basis, and usually before making any changes.
6) Approving bots comments:
Whenever you install WordPress, comments are active by default. No matter what post you write, comments are always active. Accepting comments from spam or bots will always lead to site injection.
7) Use of permalinks:
Avoid using link structures that pass a certain ID in the URL. One con is that Google will not index such pages, and the second is that these sites are the most commonly hacked.
8) Not updating to the latest version:
The most common mistake I have seen non-technical people make is that they don't update plugins or WordPress to the latest version. They feel scared to update in case it stops certain functions on the site from working. But in actual fact, updating is good because it involves a lot of security patches, bug fixes and the latest compatibility issues.
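Points 2 and 4 can be checked with a small script. The following is an added example, not code from the original post: it reads the text of a wp-config.php file and flags the default wp_ table prefix, and it flags the admin username and the admin/123456 passwords named above. The function names and the sample configuration are constructed for illustration.

```python
import re

# Weak values named in points 2 and 4 of the article.
DEFAULT_PREFIX = "wp_"
WEAK_USERNAMES = {"admin"}
WEAK_PASSWORDS = {"admin", "123456"}

# Matches an uncommented assignment such as: $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

# Constructed sample input, not a real site's configuration.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
/*
$table_prefix = 'site7_';
*/
$table_prefix = 'wp_';
"""

def strip_block_comments(source):
    # Only blocks opening at the start of a line, so "/*" inside a key string survives.
    return re.sub(r"^[ \t]*/\*.*?\*/", "", source, flags=re.S | re.M)

def audit_table_prefix(config_text):
    """Return findings for the $table_prefix line of a wp-config.php file."""
    matches = PREFIX_RE.findall(strip_block_comments(config_text))
    if not matches:
        return ["$table_prefix is not set in this file"]
    prefix = matches[-1][1]  # the last assignment is the one PHP ends up using
    findings = []
    if prefix == DEFAULT_PREFIX:
        findings.append("table prefix is the default 'wp_'")
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append("table prefix should use only letters, numbers and underscores")
    return findings

def audit_account(username, password):
    """Return findings for one login (hypothetical helper for values you already hold)."""
    findings = []
    if username.lower() in WEAK_USERNAMES:
        findings.append(f"username '{username}' is the well-known default")
    if password.lower() in WEAK_PASSWORDS or password.lower() == username.lower():
        findings.append("password is a well-known default or equals the username")
    return findings

if __name__ == "__main__":
    print(audit_table_prefix(SAMPLE_CONFIG))
    print(audit_account("admin", "123456"))
```

To check your own site, pass the contents of its wp-config.php to audit_table_prefix instead of the sample text.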
Miraj Mor is a technogeek, entrepreneur and founder of Greencubes. He is one of the leaders and minds who invests a lot of time in client relationship management and business development strategies. He follows the motto "We don't work only on projects, we work on building relationships".