Over 14.7% of all internet domains (over one million websites) and 22% of all active domains run on WordPress. The success of WordPress is the consequence of a number of factors, including its attractive features. One of these features is the existence of thousands of plug-ins, pieces of code that improve the way in which a WordPress site works. Most of them are free, giving their users a cost-effective way to have an attractive and effective site. The use of WordPress does, however, entail a number of security risks. The main security risks experienced by WordPress site owners include data theft, malware attacks, virus attacks, SQL injection attacks, and password-breaking attacks. A number of individuals are also developing plug-ins that aim to hack WordPress sites and collect personal data on their owners. The use of this kind of malware to spread viruses can be so subtle that the owners may not realise that the site has ever been infected. Therefore, extreme caution is advised when downloading plug-ins.
In addition, hackers are also using a number of software tools that can be used to determine the passwords of WordPress users. Recent incidents publicised by the media include the development of a distributed WordPress administrator account cracking scheme. This scheme, created by hackers, poses a serious security risk for the owners of WordPress sites that use insecure short or simple passwords. “PHP scripts located on a virtual server run bruteforce (password guessing) attacks on targeted sites” (Leyden, 2009). Numerous WordPress blogs and sites can be attacked simultaneously by the system, with the results recorded in an associated database. According to the SANS Institute’s Internet Storm Centre, this kind of attack against WordPress is extremely common. In addition, WordPress also suffers from SQL injection attacks, in which hackers inject code into numerous WordPress sites, affecting the sites’ permalinks and making them ineffective, so that the URLs of site posts stop working.
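A distributed guessing scheme like the one described above spreads its attempts over many sources, so a per-address lockout alone may never trigger. The following added example (not code from the article or from WordPress) counts failed logins per time window across all sources; it assumes a web server access log in Combined Log Format, the default `/wp-login.php` login path, and that a failed login returns status 200 while a successful one returns a 302 redirect. The thresholds and log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (epoch_seconds, ip) for each failed wp-login.php POST.
    Assumption: a failed login re-renders the form (200); success redirects (302)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield int(ts.timestamp()), m["ip"]

def detect_distributed(lines, window_s=300, min_failures=6, per_ip_limit=3):
    """Alert on windows whose total failures reach min_failures, and report how
    many sources a per-IP limit alone would have caught."""
    buckets = defaultdict(Counter)
    for epoch, ip in failed_logins(lines):
        buckets[epoch // window_s][ip] += 1
    alerts = []
    for bucket, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total >= min_failures:
            alerts.append({
                "window_start": datetime.fromtimestamp(bucket * window_s, tz=timezone.utc),
                "failures": total,
                "sources": len(per_ip),
                "over_ip_limit": sum(1 for n in per_ip.values() if n > per_ip_limit),
            })
    return alerts

# Constructed sample: eight sources, one failed guess each, inside one window,
# plus ordinary traffic (a page load, a mistyped password, a successful login).
SAMPLE = [f'198.51.100.{i} - - [12/Mar/2024:10:0{i % 5}:1{i} +0000] '
          '"POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"' for i in range(1, 9)] + [
    '192.0.2.10 - - [12/Mar/2024:10:20:01 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "-"',
    '192.0.2.10 - - [12/Mar/2024:10:20:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"',
    '192.0.2.10 - - [12/Mar/2024:10:20:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for alert in detect_distributed(SAMPLE):
        print(alert)
```

On the sample, the single alert shows eight failures from eight sources with `over_ip_limit` at zero, which is the signature a per-address rule misses.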
For this reason, computer experts and companies like Microsoft have discussed these issues in a number of articles, stating that one of the best ways to fight against this criminal use of software technology is to ensure that passwords are always long and difficult to guess. Capital and lower-case letters, numbers and symbols are all indispensable elements of a strong password. In addition, Microsoft has developed a Password Checker feature on the www.microsoft.com website that can help WordPress users to determine their password’s strength and try a number of combinations until they find a strong password that is difficult for hackers to “crack” or “break”.