One of the reasons that WordPress is so popular, powering 25% of all websites, is how easy it is to use. This is encouraging a lot of beginners to build their own websites. In fact, according to our recent WordPress Security Survey, 17.4% of respondents self-identify as novices or having little to no website security expertise.
For you beginners out there we recommend that you start with our Introduction to WordPress Security article. In it you will learn how to run more secure websites. We cover topics like password security, how to manage comments, how to select and manage themes and plugins and how to manage user security.
To bring a close to 2015 we conducted a WordPress security survey. We sent a broadcast to our community and 7,375 members responded by completing what was a long and comprehensive survey.
Firstly, a big thanks to the thousands of WordPress community members who took the time out of their busy schedules to complete this survey. We appreciate it and we hope you find the results useful in your daily work with WordPress and in your decision making.
Exec summary: A botnet has been identified that is currently targeting WordPress websites with a password guessing attack. If you have Wordfence installed with our default settings, you are already protected against this attack. The botnet is powered by modem/router devices. ISPs are gradually patching the devices, but many are left vulnerable or infected as some ISPs respond slowly to this issue.
In February of this year a security researcher at Voidsec noticed brute force attacks on his personal WordPress site and he noticed a pattern in the IP addresses attacking his site. They were mostly Italian internet service providers. They were:
We had a lot of fun creating our WordPress Security Learning Center. One of the coolest experiences was being able to share with WordPress site administrators how attackers actually gain entry to their sites.
Today we have something amazing to share with you. Earlier this year we started a project to understand more about you and your needs: the site owners who use WordPress to run your personal and business websites.
What we discovered is that you are diverse individuals who rely heavily on WordPress and your websites to help you do the things that you are passionate about. You are also constantly learning and you have a strong desire to learn more about WordPress security to empower yourselves.