{"id":21739,"date":"2023-11-26T09:54:52","date_gmt":"2023-11-26T07:54:52","guid":{"rendered":"https:\/\/wpbeveiligen.nl\/?p=21739"},"modified":"2023-07-26T09:58:24","modified_gmt":"2023-07-26T07:58:24","slug":"wordpress-security-the-pyramid","status":"publish","type":"post","link":"https:\/\/wpbeveiligen.nl\/en\/wordpress-security-the-pyramid\/","title":{"rendered":"WordPress security – The pyramid"},"content":{"rendered":"
<\/a><\/p>\n The Base is WordPress<\/strong> Focusing on one aspect, such as having a good programmer\/designer, secure passwords, or the latest updates, won’t be enough. As you can see from the pyramid, it’s just one part of the whole.<\/p>\n To achieve a genuinely secure WordPress website, you need to secure all aspects.<\/p>\n We will help you, step by step, to make each part of the pyramid secure so that your WordPress website is truly protected!<\/p>\n A good WordPress website developer will use no more than 8-10 plugins<\/strong>. Each additional plugin is an opportunity for hackers, as not all plugin developers are experts in security.<\/p>\n This is where knowledge comes into play; the programmer\/designer needs to be aware of the risks associated with each additional plugin and should consider coding certain features instead of relying on plugins.<\/p>\n However, bear in mind that a programmer\/designer may take longer to create functions without using plugins, so the budget may need to increase! You can’t expect a programmer to build a fully functional website for a small amount (150-300) and also ensure top-notch security. (Also, not every programmer who charges a lot of money is necessarily good!!)<\/p>\n Whether it’s premium or free, it doesn’t matter.<\/p>\n Really?<\/strong><\/p>\n Premium themes are more frequently targeted by hackers because they prefer to hack sites that involve money. Premium plugins are commonly used, and hackers know that.<\/p>\n In short, being premium is not a guarantee. Do some research to see if the theme is listed in this database<\/a><\/span>.<\/p>\n As shown in the pyramid, plugins play a significant role in the website’s security, with more than 36.3% of the website’s security depending on them. Do you know who made your plugin? And do they have expertise in security?<\/p>\n There are 44,273<\/strong> plugins available for free download on WordPress.org.<\/p>\n This is a fantastic offering! 
Plugins such as:<\/p>\n These are excellent plugins that can transform WordPress into an online shop or marketing machine!<\/p>\n However, once they gain popularity, hackers download the plugins and search for vulnerabilities. Once they find one, they create a script that scans websites for the targeted plugin and then fills your website with ads for the hacker’s products. Often, these products are related to Viagra, as it apparently sells well?<\/p>\n Hosting is where your website resides. This is known as a “data center.”<\/p>\n Sounds cool, and it is. High-tech computers are running to serve your website.<\/p>\n Well, high-tech… they are actually expensive stripped-down computers! What is the host’s responsibility?<\/strong><\/p>\n The host must ensure that the server software is up to date. Websites are served from a computer running Linux or Windows, and that computer should not get infected or hacked. This rarely happens, which is why hosting accounts for only 9.09% in the pyramid.<\/p>\n What does a good host do?<\/strong><\/p>\n A good host wants to keep their high-tech computers fast, meaning they ensure that websites are being visited while hacker scripts are not active. Sometimes, a hosting company might ask you to keep all WordPress plugins up to date.<\/p>\n Or they might even take your WordPress website offline<\/a>!<\/p>\n If your website is busy sending spam<\/a> or launching attacks on other servers\/computers of the host, they may take your website offline to stop this disruptive behavior.<\/p>\n
\nAt the top of the pyramid, it all begins with the programmer\/designer who sets up your WordPress website.<\/p>\nSecuring Just One Part is Useless!<\/strong><\/h2>\n
A Truly Secure WordPress Website<\/strong><\/h2>\n
\n
The Programmer\/Designer<\/h2>\n
The Theme<\/h2>\n
The Plugins<\/h2>\n
\nPlugins are “third-party made,” which means they are developed by individuals in their basement or by teams launching a plugin.<\/p>\n\n
The Hosting<\/h2>\n
\nPowerful processors and ample storage ensure that websites are served quickly when a visitor requests them.<\/p>\nThe User<\/h2>\n