The numbers are staggering.
Just to get an idea, the well-known firewall and malware scanner WordFence it blocks more than 4 billion attacks per month and blacklists over 180,000 IP addresses every thirty days from where these attacks start.
With these premises it is clear that we must organize ourselves well to face this situation and make your website safe.
WordPress, the most popular CMS in the world, is safe in itself, but often the plugins used are not. So the choice of the developer, who makes a plugin available, is of fundamental importance, it is important to know how he created the code and if it is reliable, if it has structural deficiencies in terms of security and if it is constantly updated.
So the first thing to do is to build websites with very few plugins of which you know perfectly the reliability of the developer, also because, if you base your infrastructure on a plugin that will not be updated or even available, you will have to redo much of your website, with a huge and unjustified waste of time.
There are many tools for hacking systems and networks
It is unbelievable but on the net there are websites where you can learn to 'violate' a site, there are even rankings with the most popular systems for doing it, one of these is https://softwaretestinghelp.com , a sort of consultation tool to use software designed to test the robustness of your website, this is their 2020 ranking:
| First name | platform | Ideal for | kind | Price |
|---|---|---|---|---|
| Kiuwan | Windows, Unix / Linux and MacOs | Code security and code analysis. | Application security | Free trial version. |
| Nmap | Mac OS, Linux, OpenBSD, Solaris, Windows | Network scan. | Cyber security and network management. | Free |
| Metasploit | Mac OS, Linux, Windows | Building evasive tools. | Safety | Metasploit Framework: free. |
| Intruder | Cloud-based | Detection and correction of vulnerabilities in your infrastructure. | Cyber and network security. | Free monthly trial version. |
| Aircrack-ng | Cross-platform | Supports any wireless network interface controller. | Sniffer and packet injector. | Free |
| Wireshark | Linux, Windows, Mac OS, FreeBSD, NetBSD, OpenBSD | Analysis of data packets. | Package analyzer | Free |
| ettercap | Cross-platform | It allows you to create custom plugins. | Computer security | Free |
A tip, with simple internet searches, you can easily find out if a plugin has vulnerabilities that can be exploited. The most organized are definitely:
- wordfence.com/blog/category/vulnerabilities/
- pluginvulnerabilities.com