I guess there are many people in Portugal using WordPress -Content Management System (CMS) their websites. But how secure is it? This report by State of Security gives a alarming situation if you fail to provide the site with proper security maintenance.

WordPress is currently one of the fastest growing content management systems. As of this writing, WordPress is used by 34% of all websites and has a CMS market share of 60.7% Some 24,808,989 live websites that use WordPress. What’s more, there are over 800 new sites built daily and more than 55,000 plugins.

In 2018 WordPress suffered 90 percent of CMS cyberattacks, (up from 83 percent in 2017) Keeping your WordPress site safe from cybercriminals requires that you avoid the systems worst security practices. When a WordPress site broadcasts worst security practices, you can rest assured — the cyber criminals will always line up to listen.

WordPress worst security practices include:

  1. Minimal or no WordPress maintenance (not updating core, plugins, and themes).
  2. Not backing up the database and files.
  3. Lack of malware checks, security scans, security plugins (or services) and security monitoring.
  4. Failure to limit login attempts.
  5. Failure to use sitewide SSL.
  6. The use of weak passwords.
  7. Using the default user admin account instead of using a custom name.
  8. Adding too many admins (use caution when giving user privileges).
  9. Not using two-factor authentication (2FA).
  10. Using plugins and themes from untrustworthy sources.
  11. Failure to use the latest PHP version.
  12. Failure to use a firewall.
  13. Using “cheap” low quality or shared hosting.

Though the above list is not comprehensive — on the positive side, it provides a baseline to build upon. To clarify, moving away from WordPress worst security practices