Types of Website Attacks
- Defacement: Change in appearance of website
- Malicious redirect: Malicious redirect attack redirect your website to another website
- iFrame Injection : Embed a hidden iframe on your website that load another webite on your visitor browser and this can lead to infecting for website
- Phishing Scam:
- Search engine Optimization Spam: This attack ruin your seach engine result
- Back door shell: An attacker upload a PHP code to your website, which allow him to control your website.
How to Prevent These Attacks
- Update WordPress website
- Update plugins
- Use Firewall to protect your server
- Use plugin and themes from trusted source
- Manage WordPress users using the concept of least Privileges
- User complex and secure password
- Limit built in user role
- Monitor and establish user accountability. Know who logged in , when, what changes made, what was done.
- Remove unused theme, plugin, files that that are not patched or used for a long time.