The image on the right is a great WordPress Security infographic which shows how WordPress sites get hacked (right-click on it and open it in a new tab to see a larger version). It is an older one, but most of the information contained in it is still valuable and accurate. If you continue to read this blog for long, you will notice a recurring theme, and that theme is security. You must keep your WordPress website secure or you leave yourself, your website, and even your business open to attacks.
Most of what you will see with this infographic has to do with hosting, plugins, weak passwords, etc. These areas are generally the most vulnerable to attack from hackers, data thieves, and others seeking to break into your site.
There is one area of this graphic that I am not totally in agreement with, and that is near the bottom. It notes that free WordPress themes should not be installed. While I personally would not use a free theme, it does not necessarily mean that all free themes are inherently bad or insecure. The biggest issue is that since it is a free theme, there may not be any real support, and it may not even be updated to be compatible with the current WordPress version.
I would, however, recommend against installing a premium theme that you did not purchase from the developer themselves. There are many sites that offer “free” versions of premium themes because WordPress requires any theme that will be distributed to be licensed under GPL (General Public License). WordPress states:
The GPL establishes the following four freedoms:
- Freedom to run the program for any purpose.
- Freedom to study how the program works and to change it, so it performs computing as you wish.
- Freedom to redistribute copies, so you can help your neighbor.
- Freedom to distribute copies of your modified versions, giving the community a chance to benefit from your changes.
This freedom also means that those who are “distributing” the premium themes for free could inject malicious code into the theme without you even knowing it.
Use this infographic to help better understand the ways that WordPress sites get hacked and either secure and maintain those areas or hire a company like WP Maintenance Plans to take care of the security of your site.