5 Security Threats Facing WordPress Users

WordPress Website Security

WordPress is one of the most widely used content management systems on the Internet today. Originally developed as a blogging platform, WordPress has been expanded into a comprehensive and versatile CMS that is used by everyone from major media companies and government agencies to individual bloggers. WordPress can be uploaded onto the user’s own webspace and free WordPress blogs are also available at

Partly because of its significant market share, WordPress has become a tempting target for hackers and other online criminals. By gaining access to a WordPress site, criminals can turn it into an attack site (one that downloads malicious code onto the computers of people who view the page), commit vandalism or steal information for the purposes of further identity theft. By maintaining an awareness of current threats, you can protect your WordPress site from attacks.

Outdated Versions

The most recent version of WordPress (v3.5.1) contains 37 bug fixes, including fixes for three crucial security flaws. Older versions still have these flaws and other issues, making them more vulnerable to attacks. Ideally, you should be running the latest version of WordPress; if this isn’t possible, you must at least ensure that you are taking alternative precautions. Hiding which version of WordPress that you’re using is simple and will make it harder for criminals to attack your site.

To hide the version of WordPress you are using, open the functions.php file from your theme and insert the following line of code:

remove_action(‘wp_head’, ‘wp_generator’);

This will stop WordPress telling users what version of WordPress you are using, keeping hackers in the dark about security risks they might exploit.

Abandoned and Risky Plugins

Plugins are very useful for expanding the functionality of your WordPress site. Some plugins may be infected with malicious code or contain security issues; it’s important to make sure that you only use reputable plugins and update them regularly. If a plugin is abandoned and no longer updated, then security may be compromised and you may be better off removing it.

Allowing Unlimited Login Attempts

While choosing more secure passwords can help reduce your vulnerability to brute force attacks, you can also improve security by limiting the number of login attempts in a certain time period or from a particular IP number.

Universal Registration

Allowing anyone to register with your WordPress site may seem like a good idea; for example, you may want people to leave feedback on products or comment on articles and content. This kind of activity should be managed via a commenting system, however, rather than allowing people to register directly. Depending on your settings, universal registration can be used to access your dashboard and private information, or to commit vandalism or take control of your site. You can prevent this by restricting registration from your general settings screen.

Vulnerabilities in Themes

WordPress themes allow you to customize the look and feel of your site. Unfortunately, like plugins, they can sometimes be used to attack your site, perhaps by including a backdoor in the code. Ensure that any theme you use is free from malware or security flaws.


Remember that as a popular piece of software, new WordPress vulnerabilities will inevitably arise over time as criminals attempt to find ways around security systems. Keeping your software up to date will help protect your site.

Key Takeaways

• Install the latest version.

• Disable universal registration.

• Keep your security software up-to-date.

• Install any recommended security plugins.

Author Bio: Jason Stevens from / Freelance web developer, tech writer and follower of cloud computing trends. Follow him on Twitter: @_jason_stevens_.

* reserve the right to agree or disagree with our guest bloggers. Call it freedom of speech, but our guest bloggers are entitled to have an opinion. If you wish to agree or disagree, then feel free to leave a comment. Thanks for visiting our blog! If you wish to become a Guest Blogger for UK2, please contact our marketing department.

This article was brought to you by, for dedicated server hosting, cloud servers and 24/7 support visit our site here

No Comments

Leave a Reply

Stop blending in with the rest of the crowd and start leaving your mark on the web

“I've been a faithful customer of for about 12 years, regularly registering new domains on behalf of clients. The costs are superb value, and the service - online or over the phone - is fantastic. I'd highly recommend them to anyone - and regularly do.“

Jay Commins - Pyper York Ltd

“We would like to thank the support team for easily answering our website problem. They turned my day around with just a simple, understandable resolution with a friendly Service so a big thank you from me and all the elves here at the wicked chilli company“


“Great experience with UK2 support. We've been with them since they started up way back. Always good responses and the tech guy today who helped me out after I wiped my .htaccess file was brilliant. I'd recommend without reservation.!!“

Julian Jones - Hursley emc services Ltd

“I have been a customer of UK2 for as long as I can remember. It never ceases to amaze me the speed in which you respond to problems or queries, usually of my own making. The live chat for tech support is so efficient. I have nothing but praise for you guys and gals. The level of service is second to none. Nothing ever seems to be too much hassle. Well done, you all deserve a medal.“

- Yvonne Armitage Computer Services

“9pm on Sunday evening, realised that I hadn't renewed my hosting service. 10 minutes of help from your live chat support and my websites are up and running again. As a company offering 24 hour emergency electrical/locksmith services most of our work comes from the websites, so getting this fixed without having to wait for Monday morning was very important.“

Nick Lane - Kent Security and Electrical