The problem isn't with the core WordPress engine, but with the plugins people install on their sites. WordPress engineers are working with plugin vendors to patch the leaks, but the responsibility ultimately lies with a constellation of independent development companies.
To make matters worse, many WordPress users don't update their plugins as often as they should. This lack of priority leaves users running old plugins that now have a variety of security holes.
However, you don't need to be a tech wizard to keep your WordPress site safe. Here are some tips you can follow to protect it from intruders.
Audit Your WordPress Plugins
Plugins and themes become deprecated or obsolete, or have bugs that leave your entire site wide open to bad actors.
For each plugin you want to install, look at this list of criteria to ensure this plugin is relatively safe to use:
The plugin has a large install base.
Look at the number of installs before you add it to your site.
There are a lot of reviews, and almost all of them are 4-5 stars.
Double-check the ratings and reviews of each plugin. If anything has a chance of going wrong, you'll find out about it in the review section.
The developers are actively pushing updates and security patches.
If a developer hasn't updated their plugin in a long time, it will have vulnerabilities that hackers will exploit to gain access to your site.
Read the Terms of Service.
Your plugin may have unwanted extra features that the developers didn't advertise on their plugin page. If the plugin changed owners before the latest update, you might want to look for a more secure plugin to take care of the tasks your old plugin handled.
Remove Unused WordPress Plugins
Use only the plugins you need. Using too many plugins slows your site down, and each extra plugin is another potential entry point for hackers.
Even if these plugins are disabled, they stand a chance of compromising your site. If you don't use it, lose it.
Update Your WordPress Plugins
Unless you downloaded your plugins from a third-party source, you can easily update your plugins by selecting the plugins you want to update. WordPress will tell you which plugins are ready for updates.
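The removal and update advice above can be checked in one pass. The following is an added example, not part of the original article: it assumes the WP-CLI tool is installed and reads the JSON produced by `wp plugin list --format=json`; the plugin names in the sample are constructed.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_WP_PLUGIN_LIST = """
[
  {"name": "contact-form-example", "status": "active", "update": "available", "version": "5.1"},
  {"name": "seo-example", "status": "active", "update": "none", "version": "21.0"},
  {"name": "old-slider-example", "status": "inactive", "update": "available", "version": "1.2"},
  {"name": "gallery-example", "status": "inactive", "update": "none", "version": "3.4"},
  {"name": "cache-dropin-example", "status": "dropin", "update": "none", "version": ""}
]
"""


def audit_plugins(raw_json):
    """Sort installed plugins into the two actions the article recommends.

    "remove": plugins that are installed but inactive (still on disk).
    "update": plugins still in use that have an update waiting.
    """
    report = {"remove": [], "update": []}
    for plugin in json.loads(raw_json):
        name = plugin.get("name", "<unnamed>")
        if plugin.get("status") == "inactive":
            # A disabled plugin is still reachable code; removing it beats updating it.
            report["remove"].append(name)
        elif plugin.get("update") == "available":
            report["update"].append(name)
    report["remove"].sort()
    report["update"].sort()
    return report


def format_report(report):
    """Render the audit as plain text for a terminal or a scheduled e-mail."""
    lines = ["Unused, remove: " + (", ".join(report["remove"]) or "none"),
             "In use, update now: " + (", ".join(report["update"]) or "none")]
    return "\n".join(lines)


if __name__ == "__main__":
    # Pipe real WP-CLI output in, or run with no input to see the sample.
    raw = SAMPLE_WP_PLUGIN_LIST if sys.stdin.isatty() else sys.stdin.read()
    print(format_report(audit_plugins(raw)))
```

To run it against a real site, pipe the output of `wp plugin list --format=json` into the script from the WordPress install directory.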
Follow These Simple Steps to Keep Your WordPress Site Secure
When it comes to WordPress plugins, less is more. The fewer plugins you have, the more secure your site will be for you, and the faster it will be for your visitors. Take the time to understand your plugin needs and get rid of any plugins that don't meet your criteria.