Bud, the issue is likely that WordPress is a high profile target by hackers with automated scripts and notorious for being so complex and so many optional plugins and whatnot that there’s always vulnerabilities. Thus it’s critical to always be running the latest version as that generally has the most security holes patched. Of course some new version contain new security holes.
5.6.2 is the latest version: https://wordpress.org/download/releases/
Note their comment there: “None of these are safe to use, except the latest in the 5.6 series, which is actively maintained.” All but the latest have known security problems.
Presumably you have hosting with some panel that automatically installs this stuff. See if your provider has an option to upgrade or reinstall your installation with the latest. If not, contact customer support and tell them you need access to the latest version. If the response is unsatisfactory, then make sure whichever provider you switch to is completely on top of the latest releases.
It’s also possible to lease raw servers and put whatever you like on them, including selecting the specific distribution of Linux you like and manually installing packages, then you can just keep it updated yourself. There’s some places that will lease virtual private servers you have total control of for like $5-10 a month. But with this solution you then get to be in charge of deflecting a wider variety of hacking attempts, maintaining the firewall, and so forth. This can take a lot of time to tweak. If you don’t do this, soon the number of automated hacking attempts, which can ramp up to thousands per second from countless different ip addresses, each trying every possible password to hack in simply overwhelm the server. (I personally recommend blocking entire huge ranges of blocks from China in particular – these are almost all relatively harmless Chinese citizens trying to hack servers so they can bypass the Great Firewall of China’s censorship engine. But there’s so many of them you have to just block China.)
Obviously it can make more sense to leave that part out and get managed hosting instead. But they need to keep the installations fully patched, otherwise your server is a sitting duck with older installs. And if they can’t do that, switch providers.
One last thought is to be cautious if you have shared hosting where multiple random sites are on a single ip address. If one of the other customers has bad security, hackers can sometimes get to your account through some other one, depending on how badly the shared hosting is set up.
Thanks, Scott. I really appreciate advice from people who know what they’re doing. I’ll definitely be looking for a more secure host. And first off I’ll see if I have the latest software.
I didn’t and I just now updated.
Your email address will not be published. Required fields are marked *