{"id":13798,"date":"2023-03-20T21:38:56","date_gmt":"2023-03-20T21:38:56","guid":{"rendered":"https:\/\/www.hostduplex.com\/blog\/?p=13798"},"modified":"2023-10-20T09:57:23","modified_gmt":"2023-10-20T09:57:23","slug":"common-wordpress-security-mistakes","status":"publish","type":"post","link":"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/","title":{"rendered":"Common WordPress Security Mistakes to Avoid in 2023"},"content":{"rendered":"\n<p><a href=\"https:\/\/wordpress.com\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/wordpress.com\/\" rel=\"noreferrer noopener\">WordPress<\/a> is the undisputed king of content management systems, powering over 40% of all websites worldwide. But the same simplicity that makes it so appealing can also make it vulnerable to security breaches. Unfortunately, even the slightest WordPress security mistake can lead to devastating consequences. As a WordPress site owner, it&#8217;s crucial to avoid common WordPress security mistakes to keep your site safe from the ever-increasing number of cyber threats.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_62 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Outdated_Operating_System_or_Server_Software\" title=\"Outdated Operating System or Server Software\">Outdated Operating System or Server Software<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Update_Your_Operating_System_and_Server_Software\" title=\"How to Update Your Operating System and Server Software?\">How to Update Your Operating System and Server Software?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Outdated_PHP_Versions\" title=\"Outdated PHP Versions\">Outdated PHP Versions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Update_Your_PHP_Version\" title=\"How to Update Your PHP Version?\">How to Update Your PHP Version?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Outdated_themes_and_plugins\" title=\"Outdated themes and plugins\">Outdated themes and plugins<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Keep_Your_WordPress_Core_Plugins_and_Themes_Up-to-date\" title=\"How to Keep Your WordPress Core, Plugins, and Themes Up-to-date?\">How to Keep Your WordPress Core, Plugins, and Themes Up-to-date?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Using_Third-party_Plugins_Only_from_Trusted_AuthorsSources\" title=\"Using Third-party Plugins Only from Trusted Authors\/Sources\">Using Third-party Plugins Only from Trusted Authors\/Sources<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Why_Choose_Trusted_Authors_and_Sources_for_Third-party_Plugins_and_WordPress_security_plugins\" title=\"Why Choose Trusted Authors and Sources for Third-party Plugins and WordPress security plugins?\">Why Choose Trusted Authors and Sources for Third-party Plugins and WordPress security plugins?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Choose_Trusted_Authors_and_Sources_for_Third-party_Plugins\" title=\"How to Choose Trusted Authors and Sources for Third-party Plugins?\">How to Choose Trusted Authors and Sources for Third-party Plugins?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Top_WordPress_Security_Tools_and_Plugins\" title=\"Top WordPress Security Tools and Plugins\">Top WordPress Security Tools and Plugins<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Lack_of_Backups\" title=\"Lack of Backups\">Lack of Backups<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Why_is_Having_Regular_Backups_Essential_for_Your_Website\" title=\"Why is Having Regular Backups Essential for Your Website?\">Why is Having Regular Backups Essential for Your Website?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Back_up_Your_Website\" title=\"How to Back up Your Website?\">How to Back up Your Website?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Weak_Passwords\" title=\"Weak Passwords\">Weak Passwords<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Create_a_Strong_Password_for_Your_WordPress_Site\" title=\"How to Create a Strong Password for Your WordPress Site?\">How to Create a Strong Password for Your WordPress Site?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Manage_Your_WordPress_Passwords\" title=\"How to Manage Your WordPress Passwords?\">How to Manage Your WordPress Passwords?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Ignoring_User_RolesPermissions\" title=\"Ignoring User Roles\/Permissions\">Ignoring User Roles\/Permissions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Why_Regularly_Auditing_User_Roles_and_Permissions_Is_Important\" title=\"Why Regularly Auditing User Roles and Permissions Is Important?\">Why Regularly Auditing User Roles and Permissions Is Important?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Audit_Your_User_Roles_and_Permissions\" title=\"How to Audit Your User Roles and Permissions?\">How to Audit Your User Roles and Permissions?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Neglecting_File_Permissions\" title=\"Neglecting File Permissions\">Neglecting File Permissions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Why_do_Proper_File_Permissions_Matter_for_Your_Websites_Security\" title=\"Why do Proper File Permissions Matter for Your Website&#8217;s Security?\">Why do Proper File Permissions Matter for Your Website&#8217;s Security?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Set_Proper_File_Permissions_for_Your_WordPress_Site\" title=\"How to Set Proper File Permissions for Your WordPress Site?\">How to Set Proper File Permissions for Your WordPress Site?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Not_Using_2FA\" title=\"Not Using 2FA\">Not Using 2FA<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Why_does_enabling_2FA_matter_for_WordPress_websites\" title=\"Why does enabling 2FA matter for WordPress websites?\">Why does enabling 2FA matter for WordPress websites?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Enable_2FA_on_Your_WordPress_Site\" title=\"How to Enable 2FA on Your WordPress Site?\">How to Enable 2FA on Your WordPress Site?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#Implementing_Security_Headers\" title=\"Implementing Security Headers\">Implementing Security Headers<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#How_to_Implement_Security_Headers_on_Your_WordPress_Website\" title=\"How to Implement Security Headers on Your WordPress Website?\">How to Implement Security Headers on Your WordPress Website?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.hostduplex.com\/blog\/common-wordpress-security-mistakes\/#To_Sum_up\" title=\"To Sum up\">To Sum up<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Outdated_Operating_System_or_Server_Software\"><\/span>Outdated Operating System or Server Software<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-system-and-server-software-1024x535.webp\" alt=\"Server and system software update process image -maintaining updated WordPress systems and servers for enhanced security\" class=\"wp-image-13815\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-system-and-server-software-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-system-and-server-software-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-system-and-server-software-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-system-and-server-software.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>One of the most common causes of website hacks is an outdated operating system or server software. Hackers often take advantage of vulnerabilities in outdated software to gain unauthorized access to WordPress sites, steal <a href=\"https:\/\/www.hostduplex.com\/blog\/how-to-protect-against-leaking-of-your-pii\/\" target=\"_blank\" rel=\"noopener\">sensitive information<\/a>, or spread malicious software, resulting in data theft, loss of revenue, and damage to your reputation. In fact, according to a <a href=\"https:\/\/pages.riskbasedsecurity.com\/en\/en\/2020-yearend-data-breach-quickview-report\" data-type=\"URL\" data-id=\"https:\/\/pages.riskbasedsecurity.com\/en\/en\/2020-yearend-data-breach-quickview-report\" target=\"_blank\" rel=\"noreferrer noopener\">report <\/a>by RiskBased Security, it saw a 141% increase in the number of records exposed in data breaches.<\/p>\n\n\n\n<p>To protect your WordPress website, you must keep your operating system and server software updated. By doing so, you ensure that your website is running on the latest and <a href=\"https:\/\/www.hostduplex.com\/blog\/wordpress-6-2-1-security-release\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/blog\/wordpress-6-2-1-security-release\/\" rel=\"noreferrer noopener\">most secure WordPress version<\/a>, which reduces the risk of a security breach.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Update_Your_Operating_System_and_Server_Software\"><\/span>How to Update Your Operating System and Server Software?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Updating your operating system and server software is a straightforward process. Most <a href=\"https:\/\/www.hostduplex.com\/blog\/top-centos-alternatives\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/blog\/top-centos-alternatives\/\" rel=\"noreferrer noopener\">operating systems<\/a> and server software have an auto-update feature that automatically downloads and installs the latest security patches and updates. However, if you prefer to update manually, you can do so by following these steps:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Check for updates<\/strong><\/h4>\n\n\n\n<p>Check if there are any available updates for your operating system or server software. Most updates can be found in the &#8220;Updates&#8221; section of your system settings.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">CentOS \/ AlmaLinux \/ Fedora \/ Red Hat Enterprise Linux (RHEL)<\/h5>\n\n\n\n<p>If you are running any flavor of CentOS, <a href=\"https:\/\/almalinux.org\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/almalinux.org\/\" rel=\"noreferrer noopener\">AlmaLinux<\/a>, <a href=\"https:\/\/fedoraproject.org\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/fedoraproject.org\/\" rel=\"noreferrer noopener\">Fedora<\/a>, or <a href=\"https:\/\/www.redhat.com\/en\/technologies\/linux-platforms\/enterprise-linux\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.redhat.com\/en\/technologies\/linux-platforms\/enterprise-linux\" rel=\"noreferrer noopener\">RHEL<\/a>, you can use yum:<\/p>\n\n\n\n<p><strong><code>yum check<\/code><\/strong><\/p>\n\n\n\n<p><em>Yum check<\/em> will check your system for available updates.  When you are ready to perform those updates, you can run the following command:<\/p>\n\n\n\n<p><code><strong>yum update<\/strong><\/code><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Ubuntu<\/h5>\n\n\n\n<p>On <a href=\"https:\/\/ubuntu.com\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/ubuntu.com\/\" rel=\"noreferrer noopener\">Ubuntu<\/a>, you can perform the following command to see what packages are available for upgrades:<\/p>\n\n\n\n<p><strong><code>apt list --upgradable<\/code><\/strong><\/p>\n\n\n\n<p>In order to apply the updates, perform the following command on Ubuntu:<\/p>\n\n\n\n<p><strong><code>sudo apt-get upgrade<\/code><\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Download updates<\/strong><\/h4>\n\n\n\n<p>Download and install the updates as soon as they become available. This will ensure that your system is running on the latest and most secure version.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Restart your server<\/strong><\/h4>\n\n\n\n<p>After installing updates (and especially after any kernel update), it is recommended that you restart your server to ensure that all updates are properly applied and take effect. With most <a href=\"https:\/\/www.hostduplex.com\/blog\/top-centos-alternatives\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/blog\/top-centos-alternatives\/\" rel=\"noreferrer noopener\">Linux operating systems<\/a>, you can reboot the server with a simple <em>reboot<\/em> command.  <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Outdated_PHP_Versions\"><\/span>Outdated PHP Versions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-php-version-1024x535.webp\" alt=\"Updating PHP version for WordPress -Image illustrating the updating PHP for improved WordPress website security and performance\" class=\"wp-image-13816\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-php-version-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-php-version-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-php-version-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-php-version.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/www.php.net\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.php.net\/\" rel=\"noreferrer noopener\">PHP<\/a> is a scripting language used to build dynamic websites. It is a popular choice among web developers because it is free, easy to use, and can run on multiple platforms. PHP powers many websites, including those hosted on the WordPress platform. However, using outdated versions of PHP can pose a severe security risk to your WordPress site. According to a <a href=\"https:\/\/sucuri.net\/reports\/2021-hacked-website-report\/\" data-type=\"URL\" data-id=\"https:\/\/sucuri.net\/reports\/2021-hacked-website-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">study<\/a> by Sucuri, over 60% of hacked WordPress sites were using an outdated version of PHP.<\/p>\n\n\n\n<p>Hackers often target websites running on outdated PHP versions because they have known vulnerabilities that can be easily exploited. Keeping your PHP version updated is crucial to maintaining website security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Update_Your_PHP_Version\"><\/span>How to Update Your PHP Version?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To update your PHP version, you should contact your web hosting provider and ask them to upgrade your server&#8217;s PHP version to the latest stable release. Alternatively, you can update PHP yourself if you have access to your server&#8217;s control panel.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Update the PHP version in cPanel<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log into your cPanel and select the MultiPHP Manager<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/multiphp-manager-1024x391.webp\" alt=\"cPanel MultiPHP Manager\" class=\"wp-image-13837\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/multiphp-manager-1024x391.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/multiphp-manager-300x115.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/multiphp-manager-768x293.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/multiphp-manager-1536x586.webp 1536w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/multiphp-manager.webp 1726w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Log into cPanel &#8211;&gt; MultiPHP Manager<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select your domain, PHP version of your choice, and click Apply<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"483\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-php-version-1024x483.webp\" alt=\"cPanel set PHP version\" class=\"wp-image-13838\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-php-version-1024x483.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-php-version-300x141.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-php-version-768x362.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-php-version-1536x724.webp 1536w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-php-version.webp 1688w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Set PHP Version in cPanel<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Outdated_themes_and_plugins\"><\/span>Outdated themes and plugins<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-themes-and-plugins-regularly-1024x535.webp\" alt=\"Updating themes and plugins for WordPress - Image depicting the significance of keeping themes and plugins up-to-date for enhanced WordPress site security and functionality\" class=\"wp-image-13817\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-themes-and-plugins-regularly-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-themes-and-plugins-regularly-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-themes-and-plugins-regularly-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/update-themes-and-plugins-regularly.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>A recent <a href=\"https:\/\/patchstack.com\/whitepaper\/the-state-of-wordpress-security-in-2021\/\" target=\"_blank\" rel=\"noreferrer noopener\">study<\/a> found that 6 out of 18 components are outdated\u00a0on a single WordPress site. With every additional WordPress plugin installed on the website, the risk of being exposed to a potential vulnerability increases. The fact that WordPress sites are lagging behind with updates increases the risk even more. Jeff Mains, CEO of <a href=\"https:\/\/championleadership.com\/\" target=\"_blank\" rel=\"noopener\">Championship Leadership Group<\/a>, told <em>Host Duplex<\/em>, &#8220;Once sites are infected with malware, it can spread to other parts of a server, damaging other sites hosted on the same server.&#8221;<\/p>\n\n\n\n<p>Like any software, WordPress requires regular updates to <a href=\"https:\/\/www.hostduplex.com\/blog\/best-wordpress-speed-test-tools\/\" target=\"_blank\" rel=\"noopener\">maintain optimal performance<\/a> and security. Failure to update your WordPress core, plugins, and themes can lead to security vulnerabilities that hackers can exploit. <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Outdated plugins and themes often contain known security vulnerabilities, which can be exploited by malicious actors.<\/p>\n<cite><a href=\"https:\/\/www.linkedin.com\/in\/harman12\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.linkedin.com\/in\/harman12\" rel=\"noreferrer noopener\">Harman Singh<\/a>, Director at <a href=\"https:\/\/thecyphere.com\/\" data-type=\"URL\" data-id=\"https:\/\/thecyphere.com\/\" target=\"_blank\" rel=\"noopener\">Cyphere<\/a><\/cite><\/blockquote>\n\n\n\n<p>Also read, <a href=\"https:\/\/www.hostduplex.com\/blog\/top-10-best-wordpress-plugins\/\" target=\"_blank\">10 Must Have WordPress Plugins for Optimal Performance in 2023<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Keep_Your_WordPress_Core_Plugins_and_Themes_Up-to-date\"><\/span>How to Keep Your WordPress Core, Plugins, and Themes Up-to-date?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To keep your WordPress plugins, themes, and <a href=\"https:\/\/www.hostduplex.com\/blog\/wordpress-6-2-changes-and-features\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/blog\/wordpress-6-2-changes-and-features\/\" rel=\"noreferrer noopener\">WordPress core up-to-date<\/a>, you should regularly check for updates and install them as soon as possible. You can also enable <strong>automatic<\/strong> <strong>updates<\/strong> for your WordPress core and plugins, which can save you time and ensure that your site is always running on the latest version.<\/p>\n\n\n\n<p>It is also recommended to <strong>remove unused themes<\/strong> or <strong>plugins<\/strong>. This helps to minimize the risk of vulnerable WordPress plugins being exploited by hackers.<\/p>\n\n\n\n<p>To remove unused Plugins, Go to the <strong>&#8216;Plugins&#8217;<\/strong> section of your WordPress dashboard and click on <strong>&#8216;Installed<\/strong> <strong>Plugins&#8217;<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Look for any inactive plugins and select them all.<\/li>\n\n\n\n<li>From the dropdown menu, click on <strong>&#8216;Delete&#8217;<\/strong> to remove them.<\/li>\n<\/ul>\n\n\n\n<p>Similarly, to delete any <strong>unused WordPress themes<\/strong>, go to the <strong>&#8216;Appearance&#8217;<\/strong> section and click on <strong>&#8216;Themes&#8217;<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Select the theme you want to remove.<\/li>\n\n\n\n<li>Click on the <strong>&#8216;Delete&#8217;<\/strong> button located in the bottom right-hand corner of the screen.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Using_Third-party_Plugins_Only_from_Trusted_AuthorsSources\"><\/span>Using Third-party Plugins Only from Trusted Authors\/Sources<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/choose-trusted-auther-and-sources-for-plugins-1024x535.webp\" alt=\"Trusted third-party plugins for WordPress -mage illustrating the importance of selecting reliable and reputable plugin authors and sources for a secure and well-functioning WordPress site\" class=\"wp-image-13818\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/choose-trusted-auther-and-sources-for-plugins-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/choose-trusted-auther-and-sources-for-plugins-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/choose-trusted-auther-and-sources-for-plugins-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/choose-trusted-auther-and-sources-for-plugins.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Third-party plugins are a great way to add additional functionality to your WordPress website. However, using plugins from untrusted authors or sources can contain malicious code that can pose a significant security risk. In fact, according to a <a href=\"https:\/\/ithemes.com\/annual-wordpress-vulnerability-report\/\" data-type=\"URL\" data-id=\"https:\/\/ithemes.com\/annual-wordpress-vulnerability-report\/\" target=\"_blank\" rel=\"noopener\">report <\/a>by iThemes, over 97% of WordPress vulnerabilities were caused by third-party plugins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Choose_Trusted_Authors_and_Sources_for_Third-party_Plugins_and_WordPress_security_plugins\"><\/span>Why Choose Trusted Authors and Sources for Third-party Plugins and WordPress security plugins?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Using plugins from trusted authors and sources reduces the risk of installing malicious code on your WordPress site. Trusted authors and sources usually have a track record of producing high-quality WordPress plugins that are regularly updated to address known vulnerabilities.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>The best way to protect yourself is to use the right tools to keep your site secure, and have regular backups in place.<\/p>\n<cite><a href=\"https:\/\/www.linkedin.com\/in\/michael-miller-vpnonline\/\" data-type=\"URL\" data-id=\"https:\/\/www.linkedin.com\/in\/michael-miller-vpnonline\/\" target=\"_blank\" rel=\"noopener\">&nbsp;Michael Miller<\/a>, CEO of <a href=\"https:\/\/vpnonline.com\/\" data-type=\"URL\" data-id=\"https:\/\/vpnonline.com\/\" target=\"_blank\" rel=\"noopener\">VPNOnline.com<\/a><\/cite><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Choose_Trusted_Authors_and_Sources_for_Third-party_Plugins\"><\/span>How to Choose Trusted Authors and Sources for Third-party Plugins?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When choosing a third-party plugin, it&#8217;s important to do your research to avoid WordPress security mistakes. Here are some tips for choosing trusted authors and sources:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Check plugin reviews<\/strong><\/h4>\n\n\n\n<p>Check the plugin&#8217;s reviews to see what other users are saying about it. Look for plugins with high ratings and positive reviews.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Check the author&#8217;s reputation<\/strong><\/h4>\n\n\n\n<p>Check the author&#8217;s reputation by searching for their name on Google or reading their website&#8217;s &#8220;About&#8221; section. Look for authors who have a good reputation in the WordPress community.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Check plugin updates<\/strong><\/h4>\n\n\n\n<p>Check the plugin&#8217;s update frequency to ensure that it is regularly updated. Plugins that are not updated regularly are more likely to contain vulnerabilities.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>4.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Check the plugin&#8217;s code<\/strong><\/h4>\n\n\n\n<p>Check the plugin\u2019s code for any suspicious or malicious code that could pose a security risk. You can check PHP code for vulnerabilities using tools like ChatGPT or Synk.io&#8217;s PHP code checker.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Top_WordPress_Security_Tools_and_Plugins\"><\/span>Top WordPress Security Tools and Plugins<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Some of the most popular WordPress tools and plugins that can help in avoiding WordPress security mistakes are:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><a href=\"https:\/\/www.wordfence.com\/\" data-type=\"URL\" data-id=\"https:\/\/www.wordfence.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wordfence<\/a><\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"422\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/wordfence--1024x422.webp\" alt=\"Wordfence WordPress Security Plugin - Safeguard Your Site from Cyber Threats - 2023\" class=\"wp-image-15285\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/wordfence--1024x422.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/wordfence--300x124.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/wordfence--768x316.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/wordfence-.webp 1345w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Wordfence offers a complete security solution for WordPress, including malware scanning, firewall protection, and login security features.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><a href=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\" data-type=\"URL\" data-id=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sucuri<\/a><\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"763\" height=\"362\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/sucuri-.webp\" alt=\"Sucuri Security Plugin - Protect Your WordPress Site with Top-tier Defense - 2023\" class=\"wp-image-15286\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/sucuri-.webp 763w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/sucuri--300x142.webp 300w\" sizes=\"(max-width: 763px) 100vw, 763px\" \/><\/figure>\n\n\n\n<p>Sucuri is a cloud-based security platform that provides website scanning, malware removal, and website <a href=\"https:\/\/www.hostduplex.com\/blog\/the-importance-of-a-web-application-firewall-for-wordpress-sites\/\" target=\"_blank\" rel=\"noopener\">firewall protection for WordPress sites<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a href=\"https:\/\/ithemes.com\/security\/\" data-type=\"URL\" data-id=\"https:\/\/ithemes.com\/security\/\" target=\"_blank\" rel=\"noopener\"><strong>iThemes<\/strong> <strong>Security<\/strong><\/a><\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"428\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/ithemes--1024x428.webp\" alt=\"iThemes - Comprehensive WordPress Security Solutions for a Worry-Free Online Presence - 2023\" class=\"wp-image-15287\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/ithemes--1024x428.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/ithemes--300x125.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/ithemes--768x321.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/ithemes-.webp 1347w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>iThemes Security is a powerful security plugin with features like malware scanning, brute force protection, and <a href=\"https:\/\/www.hostduplex.com\/blog\/the-importance-of-two-factor-authentication-with-wordpress\/\" target=\"_blank\" rel=\"noopener\">two-factor authentication for enhanced WordPress<\/a> security.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><a href=\"https:\/\/wpscan.com\/wordpress-security-scanner\" data-type=\"URL\" data-id=\"https:\/\/wpscan.com\/wordpress-security-scanner\" target=\"_blank\" rel=\"noreferrer noopener\">WPScan<\/a><\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"468\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/WPScan--1024x468.webp\" alt=\"WPScan - A Powerful WordPress Vulnerability Scanner for Enhanced Site Protection - 2023\" class=\"wp-image-15288\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/WPScan--1024x468.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/WPScan--300x137.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/WPScan--768x351.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/WPScan-.webp 1336w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>WPScan is a dedicated vulnerability scanner that checks WordPress websites for known security vulnerabilities, helping you identify and fix potential issues.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Lack_of_Backups\"><\/span>Lack of Backups<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/back-up-website-regularly-1024x535.webp\" alt=\"Regular WordPress website backups - Image depicting the significance of backing up your WordPress site frequently to ensure data protection and easy recovery in case of security issues\" class=\"wp-image-13819\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/back-up-website-regularly-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/back-up-website-regularly-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/back-up-website-regularly-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/back-up-website-regularly.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Not backing up WordPress sites is one of the most common WordPress security mistakes. Backups are copies of your website&#8217;s files and database that can be used to restore your website in case of a security breach or other issues.<\/p>\n\n\n\n<p>Many hosting providers offer automatic backup solutions, making it easier for WordPress users to keep their websites protected. Additionally, you can leverage <a href=\"https:\/\/www.hostduplex.com\/blog\/10-best-wordpress-backup-plugins-2023\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/blog\/10-best-wordpress-backup-plugins-2023\/\" rel=\"noreferrer noopener\">WordPress backup plugins<\/a> to ensure seamless data preservation, effortless site migration, and swift disaster recovery for your website.<\/p>\n\n\n\n<p>Failing to back up your website can have devastating consequences in the event of a security breach or data loss. Many people make the mistake of backing up their website to the same server, which can be problematic if the server fails. Both on-site and off-site backups are recommended.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_is_Having_Regular_Backups_Essential_for_Your_Website\"><\/span>Why is Having Regular Backups Essential for Your Website?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Regular backups are critical for maintaining the integrity and availability of your website&#8217;s data. Without backups, you risk losing all your data in case of a security breach, server failure, or human error. According to a <a href=\"https:\/\/cybersecurityventures.com\/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/cybersecurityventures.com\/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031\/\" rel=\"noreferrer noopener\">report <\/a>by Cybersecurity Ventures, ransomware attacks are predicted to cost businesses over $265 billion by 2031.<\/p>\n\n\n\n<p>Regular backups ensure that you always have a recent copy of your website&#8217;s files and database. In case of a security breach, you can quickly restore your website to its previous state using a backup. Regular backups also protect your website from data loss caused by hardware failures or human errors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Back_up_Your_Website\"><\/span>How to Back up Your Website?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>There are several ways to back up your website. Here are some common methods:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong>Use a backup plugin<\/strong><\/h4>\n\n\n\n<p>Automate the backup process with popular plugins like <a href=\"https:\/\/wordpress.org\/plugins\/updraftplus\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/wordpress.org\/plugins\/updraftplus\/\" rel=\"noreferrer noopener\">UpdraftPlus<\/a>, <a href=\"https:\/\/ithemes.com\/backupbuddy\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/ithemes.com\/backupbuddy\/\" rel=\"noreferrer noopener\">BackupBuddy<\/a>, and <a href=\"https:\/\/vaultpress.com\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/vaultpress.com\/\" rel=\"noreferrer noopener\">VaultPress<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong>Use your hosting provider&#8217;s backup service<\/strong><\/h4>\n\n\n\n<p>Check if your hosting provider offers backups and how to access them.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <strong>Manually backup your website<\/strong><\/h4>\n\n\n\n<p>Use an FTP client to download your website&#8217;s files and a database management tool to export your website&#8217;s database.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Weak_Passwords\"><\/span>Weak Passwords<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-strong-passwrods-1024x535.webp\" alt=\"&quot;Strong passwords for WordPress security - Image illustrating the importance of using complex, unique passwords to enhance the protection of your WordPress site against unauthorized access\" class=\"wp-image-13820\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-strong-passwrods-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-strong-passwrods-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-strong-passwrods-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-strong-passwrods.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Passwords are one of the most critical aspects of securing your WordPress site. Weak passwords can easily be hacked, compromising the security of your website. Hackers often use <a href=\"https:\/\/www.hostduplex.com\/blog\/prevent-brute-force-attack-in-magento-2\/\" target=\"_blank\" rel=\"noopener\">brute force attacks<\/a> to gain access to WordPress user accounts by guessing passwords through repeated login attempts. According to a study by Nord, the most commonly used passwords in 2021 were &#8220;<strong>123456<\/strong>&#8221; and &#8220;<strong>password<\/strong>&#8220;.<\/p>\n\n\n\n<p>In another <a href=\"https:\/\/eng.umd.edu\/news\/story\/study-hackers-attack-every-39-seconds\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/eng.umd.edu\/news\/story\/study-hackers-attack-every-39-seconds\" rel=\"noreferrer noopener\">study<\/a>, it was revealed that hackers attempt to guess passwords at an alarming rate of one attack every 39 seconds. This highlights the need to use strong and unique passwords for your WordPress site.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Create_a_Strong_Password_for_Your_WordPress_Site\"><\/span>How to Create a Strong Password for Your WordPress Site?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Creating a strong password can be quite easy. Here are some tips to follow when creating a password for your WordPress site:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a combination of upper and lowercase letters, numbers, and symbols.<\/li>\n\n\n\n<li>Make your password at least 12 characters long.<\/li>\n\n\n\n<li>Avoid using common words, phrases, or personal information that can be easily guessed.<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/www.hostduplex.com\/blog\/how-to-secure-wordpress-with-a-password-policy-plugin\/\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/blog\/how-to-secure-wordpress-with-a-password-policy-plugin\/\" target=\"_blank\" rel=\"noreferrer noopener\">password policy plugins<\/a> or password managers to generate and store unique passwords for each of your accounts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Manage_Your_WordPress_Passwords\"><\/span>How to Manage Your WordPress Passwords?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>As your website grows, managing your passwords becomes more important. Here are some best practices to follow when managing your WordPress passwords:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Change your passwords regularly.<\/li>\n\n\n\n<li>Use a different password for each of your accounts.<\/li>\n\n\n\n<li>Avoid writing your passwords down or storing them in an insecure location.<\/li>\n\n\n\n<li>Using a password manager can help you generate and store strong, unique passwords for each WordPress account.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ignoring_User_RolesPermissions\"><\/span>Ignoring User Roles\/Permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/audit-user-roles-and-permissions-1024x535.webp\" alt=\"&quot;User roles and permissions in WordPress - Image depicting the management of user roles and access levels for improved security and control within your WordPress site\" class=\"wp-image-13821\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/audit-user-roles-and-permissions-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/audit-user-roles-and-permissions-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/audit-user-roles-and-permissions-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/audit-user-roles-and-permissions.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>User roles and permissions are essential for controlling access to your website&#8217;s backend. Many WordPress site owners make the mistake of giving users more permissions than necessary, which can lead to accidental or intentional changes that compromise site security.<\/p>\n\n\n\n<p>Neglecting to audit your user roles and permissions can result in unauthorized access, data theft, and other security breaches. By assigning the correct user roles and permissions, you can limit access to sensitive areas of your site and prevent unauthorized access.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Regularly_Auditing_User_Roles_and_Permissions_Is_Important\"><\/span>Why Regularly Auditing User Roles and Permissions Is Important?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Auditing your user roles and permissions regularly is crucial for maintaining the security of your WordPress site. By doing so, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure that only authorized users have access to sensitive areas of your site.<\/li>\n\n\n\n<li>Remove any unused or unnecessary user accounts.<\/li>\n\n\n\n<li>Identify any potential security risks or vulnerabilities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Audit_Your_User_Roles_and_Permissions\"><\/span>How to Audit Your User Roles and Permissions?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To audit your user roles and permissions, follow these steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review your user roles and permissions regularly.<\/li>\n\n\n\n<li>Remove any unused or unnecessary user accounts.<\/li>\n\n\n\n<li>Ensure that each user has the appropriate level of access based on their role.<\/li>\n\n\n\n<li>Use WordPress security plugins like User Role Editor to customize user roles and permissions.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Neglecting_File_Permissions\"><\/span>Neglecting File Permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-propoer-file-permissions-1024x535.webp\" alt=\"Setting proper file permissions in WordPress - Image illustrating the process of adjusting and securing file permissions for enhanced safety on your WordPress website\" class=\"wp-image-13822\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-propoer-file-permissions-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-propoer-file-permissions-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-propoer-file-permissions-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/set-propoer-file-permissions.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>File permissions are an often-overlooked aspect of WordPress security. File permissions determine who can read, write, and execute files on your website&#8217;s server. If not configured correctly, they can expose your site to potential security risks. A report by Sucuri found that improper file permissions are a significant factor contributing to the vulnerability of WordPress sites.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_do_Proper_File_Permissions_Matter_for_Your_Websites_Security\"><\/span>Why do Proper File Permissions Matter for Your Website&#8217;s Security?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Proper file permissions ensure that only authorized users can access and modify files on your website. Improper file permissions can lead to unauthorized access or modifications, which can compromise the security of your site.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Set_Proper_File_Permissions_for_Your_WordPress_Site\"><\/span>How to Set Proper File Permissions for Your WordPress Site?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To set proper file permissions for your WordPress site, follow these steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid giving write permissions to directories or files unless necessary.<\/li>\n\n\n\n<li>Set the file permissions to 644 for all files and 755 for all directories.<\/li>\n\n\n\n<li>Avoid setting file permissions to 777, as this grants full access to all users.<\/li>\n<\/ul>\n\n\n\n<p>This ensures that directories are readable and executable and files are readable but not writable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Not_Using_2FA\"><\/span>Not Using 2FA<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-2FA-1024x535.webp\" alt=\"&quot;Enabling Two-Factor Authentication (2FA) in WordPress - Image depicting a secure login process using 2FA for improved account security on your WordPress site\" class=\"wp-image-13823\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-2FA-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-2FA-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-2FA-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/use-2FA.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>According to a <a href=\"https:\/\/security.googleblog.com\/2019\/05\/new-research-how-effective-is-basic.html\" data-type=\"URL\" data-id=\"https:\/\/security.googleblog.com\/2019\/05\/new-research-how-effective-is-basic.html\" target=\"_blank\" rel=\"noreferrer noopener\">report <\/a>by Google, 2FA can prevent 99% of automated attacks. Two-factor authentication (2FA) is a security feature that requires two forms of authentication before granting access to an account. This adds an additional layer of security that can protect your WordPress site from unauthorized access. By requiring a second form of authentication, such as a code generated by an app or sent to your phone, you can ensure that only authorized users can access your site.<\/p>\n\n\n\n<p>Also, read <a href=\"https:\/\/www.hostduplex.com\/blog\/two-factor-authentication-for-wordpress\/\" target=\"_blank\">How to Enforce Two Factor Authentication for WordPress with Plugins<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_does_enabling_2FA_matter_for_WordPress_websites\"><\/span>Why does enabling 2FA matter for WordPress websites?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Enabling 2FA on your WordPress site can help to reduce the risk of brute-force attacks and password-cracking attempts. Even if a hacker manages to obtain your password, they won&#8217;t be able to access your account without the additional factor of authentication. WordPress supports a variety of 2FA methods, including SMS verification, email verification, and authenticator apps like <a href=\"https:\/\/apps.apple.com\/us\/app\/google-authenticator\/id388497605\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/apps.apple.com\/us\/app\/google-authenticator\/id388497605\" rel=\"noreferrer noopener\">Google Authenticator<\/a> and <a href=\"https:\/\/authy.com\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/authy.com\/\" rel=\"noreferrer noopener\">Authy<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Enable_2FA_on_Your_WordPress_Site\"><\/span>How to Enable 2FA on Your WordPress Site?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Enabling 2FA on your WordPress site is a simple process.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First, you&#8217;ll need to install a WordPress security plugin that supports the authentication method you want to use. Some popular options include Two-Factor, Google Authenticator, and Authy.<\/li>\n\n\n\n<li>Once you&#8217;ve installed and activated the plugin, you can configure the settings to enable 2FA for your users.<\/li>\n\n\n\n<li>Once you&#8217;ve configured the settings, users will be prompted to set up 2FA when they login to their accounts.<\/li>\n\n\n\n<li>They&#8217;ll need to follow the steps provided by the authentication method to complete the setup process.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Implementing_Security_Headers\"><\/span>Implementing Security Headers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/implement-security-headers-1024x535.webp\" alt=\"Implementing Security Headers in WordPress - Image illustrating the addition of security headers to enhance website protection and prevent cross-site scripting attacks\" class=\"wp-image-13824\" srcset=\"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/implement-security-headers-1024x535.webp 1024w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/implement-security-headers-300x157.webp 300w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/implement-security-headers-768x401.webp 768w, https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/implement-security-headers.webp 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Security headers are HTTP response headers that provide additional security measures to your website by allowing your website to communicate security-related information to the user&#8217;s browser. Despite the benefits of using security headers, many website owners still don&#8217;t implement them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Implement_Security_Headers_on_Your_WordPress_Website\"><\/span>How to Implement Security Headers on Your WordPress Website?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Add the following to your<strong> .htaccess<\/strong> file to implement security headers.<\/p>\n\n\n\n<p><code># Security Headers <br>Header always set Content-Security-Policy \"upgrade-insecure-requests\"<br>Header always set X-Content-Type-Options \"nosniff\"<br>Header always set X-XSS-Protection \"1; mode=block\"<br>Header always set Referrer-Policy: \"no-referrer-when-downgrade\"<br>Header always set Expect-CT \"max-age=7776000, enforce\"<br>Header always set X-Frame-Options: \"SAMEORIGIN\"<br>Header always set Permissions-Policy: \"\"<br>Header always set Strict-Transport-Security: \"max-age=31536000\" <br>env=HTTPS<\/code><\/p>\n\n\n\n<p>Adding security headers can help prevent security threats like cross-site scripting (XSS) and clickjacking, <a href=\"https:\/\/www.hostduplex.com\/blog\/how-to-build-a-wordpress-website\/\" target=\"_blank\" rel=\"noopener\">making your website<\/a> more secure. To implement security headers on your WordPress site, you can use a plugin like WP Security Headers that adds the necessary headers to your website&#8217;s HTTP response or manually add the necessary headers to your website&#8217;s <strong>.htaccess<\/strong> file.<\/p>\n\n\n\n<p>Additionally, use a reliable <a href=\"https:\/\/www.hostduplex.com\/managed-wordpress-hosting\/\" target=\"_blank\" rel=\"noreferrer noopener\">hosting provider<\/a> that offers features like a free <strong>SSL certificate<\/strong> and a web application firewall to further enhance your site&#8217;s security. Opt for quality hosting and a dedicated IP address for added protection against attacks.<\/p>\n\n\n\n<p>The most commonly used security headers include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Content Security Policy (CSP)<\/li>\n\n\n\n<li>Strict-Transport-Security (STS)<\/li>\n\n\n\n<li>X-content-type-options<\/li>\n\n\n\n<li>X-frame-options<\/li>\n\n\n\n<li>X-XSS-Protection<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"To_Sum_up\"><\/span>To Sum up<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Securing your WordPress site requires a proactive approach to identifying and avoiding common WordPress security mistakes. From outdated software and weak passwords to neglecting user roles and file permissions, there are many ways that hackers can exploit vulnerabilities in your site. By implementing the best practices outlined in this article, including choosing a <a href=\"https:\/\/www.hostduplex.com\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.hostduplex.com\/\" rel=\"noreferrer noopener\">secure hosting provider<\/a>, updating your software, using strong passwords, using features like &#8216;limit login attempts&#8217;, and regularly auditing your user roles and file permissions, you can significantly reduce the risk of a security breach. Improving the security of your website is crucial not just for protecting your data, but also for preserving your search engine optimization (SEO) and earning the trust of users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress is the undisputed king of content management systems, powering over 40% of all websites worldwide. But the same simplicity that makes it so&#8230;<\/p>\n","protected":false},"author":8,"featured_media":13813,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[52,137],"tags":[163,39,166,53],"class_list":["post-13798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","category-cybersecurity","tag-cybersecurity","tag-security","tag-security-mistakes","tag-wordpress","article","has-excerpt","has-avatar","has-author","has-date","has-comment-count","has-category-meta","has-read-more","thumbnail-"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/www.hostduplex.com\/blog\/wp-content\/uploads\/2023\/03\/Common-WordPress-security-mistakes.webp","_links":{"self":[{"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/posts\/13798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/comments?post=13798"}],"version-history":[{"count":35,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/posts\/13798\/revisions"}],"predecessor-version":[{"id":16187,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/posts\/13798\/revisions\/16187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/media\/13813"}],"wp:attachment":[{"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/media?parent=13798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/categories?post=13798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostduplex.com\/blog\/wp-json\/wp\/v2\/tags?post=13798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}