How To Keeping Your WordPress Website Secure in 2024

Hostinger has been ensuring the safety and security of your websites since 2004. Every year brings out fresh obstacles in the realm of website security, and the year 2023 was no exception. The previous year gained notoriety for the surge of artificial intelligence, a technology also employed by cyber thieves.

Learn how Hostinger successfully prevented hostile actors from compromising the websites of more than 2 million clients in 2023. In addition to the five lessons learned, we will also provide valuable insights to assist you in mitigating cyber dangers.

How To Keeping Your WordPress Website Secure in 2024

The Hostinger malware scanner, utilizing the capabilities of Monarx, successfully detected and eliminated close to 500 million occurrences of malware over the year. The quantity of eradicated malware has decreased by half compared to 2022, mostly due to our acquisition of knowledge on effectively managing Phoenix, an uploader that distributes more malware to computer systems.

By excluding the impact of Phoenix, there has been a notable rise in the number of distinct malware instances in the past year, indicating a probable continuation of this pattern.

Managed IT Services

During sales periods, when there is a higher number of internet users who are actively making purchases and may not be prioritizing security measures, the occurrence of malicious activity reaches its highest point. Our malware scanner operated diligently during the peak sales periods in November and December and saw slight increases in activity in May and August.

Moreover, generative AI is progressively fueling an escalating competition with hackers, as it enhances the sophistication and destructiveness of malware.

Enterprise Raiders Target Small Businesses

Web shells, uploaders, and adware remain prevalent in website malware rankings, however, there is a rise in newer threats targeting small enterprises and local establishments.

Initially, there is a growing trend of ransomware specifically focusing on them by encrypting data and requesting a payment in exchange for restoring access. Until around a year or two ago, their main focus was on attracting and serving large, financially stable companies.

Furthermore, cryptocurrency miners are escalating their operations, especially during periods of declining bitcoin values and a decrease in the number of conventional miners, so making web server mining highly profitable.

Blog Nrtechsol Leading Digital Media Agency

Redirects are increasingly more popular and provide a substantial risk due to their fast capacity to change, often invading both legitimate files and databases. The wp_posts table is widely used, however its location can vary.

Encountered more than 185,000 distributed denial-of-service (DDoS) attempts, with an average of 500 attacks each day. The United States saw the most number of attacks on its data centers, with Brazil and India following closely behind.

The highly sophisticated traffic filter effectively blocked most DDoS assaults by swiftly activating and redirecting harmful traffic to the filter instance. By implementing this technique, we managed to decrease the utilization of remotely activated black holes by a staggering 95%. As a result, our services and clients experienced significantly improved uptime.

The traffic filter has successfully mitigated highly potent attacks. Several of these occurred immediately before the major holidays, specifically on December 21 and 24, within our Singapore data center. The initial attack lasted for a duration exceeding 6 hours, bombarding consumer websites with a rate of 2.3 million packets per second (Mpps) and a speed of 18 gigabits per second (Gbps). Shortly thereafter, another assault occurred, reaching its highest point at a rate of 3.6 million packets per second and a bandwidth of 1.3 gigabits per second.

Fortunately, none of these attempts, including several others, had any effect on our infrastructure or your websites.

Power Struggle Between Botnets and CDNs

Botnets, particularly Mirai, are a form of malicious software that experienced an increase in conjunction with advancements in content delivery networks (CDNs). Put simply, as CDNs improve, larger botnets are required to effectively inundate websites, and conversely, as botnets grow in size, CDNs need to be better to counteract them.

A concrete demonstration can be found with Hostinger CDN. Introduced amid the previous year, it effectively countered multiple attacks, including one of significant strength. A client’s site was inundated with over 10 million requests per second (Mrps) within a three-hour timeframe. After the incident, our specialists examined the data and utilized it to improve our Content Delivery Network (CDN), resulting in a threefold increase in its power compared to its previous state before the attack.

Undoubtedly, this incident is not comparable to the unprecedented 71 million packets per second (Mrps) attack that Cloudflare successfully handled last year. Nevertheless, it is crucial to acknowledge that our clientele does not belong to the Fortune 1000.

Beware of Fake and Insecure Plugins

WordPress, utilized by 43% of all websites, including over 3 million hosted by Hostinger, is the prevailing content management system. It is not surprising that it remains a primary target for cyber threats.

Last year, prominent WordPress security vendors including Patchstack, WPScan, and Wordfence detected more than 4,000 Common Vulnerabilities and Exposures (CVEs), which accounted for around 14% of all CVEs found.

The vulnerabilities primarily stem from plugins, with counterfeit plugins being the most prominent. The specifics of these plugins may differ, but both their excellence and quantity have been swiftly escalating. We expect this pattern to continue in 2024 as generative AI technology further facilitates the production of counterfeit plugins.

Hostinger clients may rely on WordPress automatic updates and a vulnerability scanner for added security. The scanner instantly alerts clients of any vulnerabilities found on their websites and offers guidance on the essential steps to take.