Just as the social media site, Parler, was scheduled to be taken down by Amazon, word emerged of user data being taken by “hackers.” The data and information has since been posted publicly, prompting many to question Parler’s website security. Much of the speculation was centered around WordPress, which was distressing to its millions of users.
Is your WordPress website hack-proof? Here’s what you need to know right now about website security.
What Parler Did Wrong
Parler had very lax security protocols and essentially left all of the user data in question sitting out in the open. This included material that users had deleted. Rather than actually deleting the posts, Parler’s system removed “deleted” posts from public view but still retained the data, which was left unprotected and still easily accessible.
Think of it like this: if you leave your unlocked car out on the street, with the keys left in the ignition, would you really be surprised if someone got in your car and drove it away? Parler didn’t lock up the car and hold onto the keys, so they created an opportunity where they left the door wide open, so to speak.
The data was not acquired through a security breach. Since it was left out in the open rather than protected by security features, users were able to “scrape” the data. Unfortunately for Parler users, the practice of scraping, while ethically questionable, is not illegal.
WordPress Security Issues
WordPress itself does not present an inherent security issue. The mistakes made by Parler in this data breach are unique to Parler, and their lack of good practices and regular updates. Implementing basic security practices will protect WordPress websites from the type of issues and vulnerabilities Parler fell victim to.
How to Block Hackers and Scrapers
There are several steps you can take to protect your website users from having their data exposed. Some common-sense best practices for security will go a long way to deter bad actors. While there is no such this as a fully hack-proof website, using security measures to make hacking as difficult as possible will greatly reduce the likelihood of becoming a target. Some things you should always do to maintain your website security are:
- Keep all software up to date.
- Remove unused features from your site to prevent them from being exploited.
- Take the proper steps to secure and protect that information if your site collects user data or accepts user-generated content.
If all of this seems overwhelming, we can help you ensure that your website is a secure as possible. Our WordPress Website Audit can tell you if you’re at risk for hackers, and we can help you fix that!