Wordpress is a nice blogging software but it has a couple of disadvantages from a security perspective:
- It requires a database and that makes SQL injection attacks possible
- It is using PHP what is known for its vulnerabilities
- It has a web interface for administration which is usually accessible from internet and open for brute force attacks
- It is very popular so there is a huge hacker community around
- It needs frequent updates for Wordpress itself, installed themes and plugins
When your site has become known by attackers for whatever reason they permanently run different types of attacks and try to exploit security vulnerabilities in the software, database, webserver, configuration or in the operating system itself.
If you don’t have system monitoring in place or manually check logfiles you probably might not notice these attacks unless your site gets finally hacked or you notice some performance impact on your website due to overload situation caused by suspect activties (e.g. sending millions of spam emails from your server).
For prevention there are plugins like Wordfence available which enhance Wordpress security. Wordfence provides for example a Web Application Firewall, IP blacklisting, malware signature lists and scanning and it monitors login attempts. In best case all malicious attempts are blocked by Wordfence.
Wordfence has some reporting capabilities. A weekly report about attacks might look like this:
As we can see there are a couple of attacks taking place. And this is from a nonfamous blog of course :-) Don’t want to know what might go on at popular blogs…
So what are my main reasons to migrate to Hugo:
- It is a static website generator so not too many attacks possible
- Websites are lightweight, look clean and are loading fast
- There are many nice themes for different needs and projects available
You can read in another post how migration can be done easily…