Why WordPress websites get hacked

I was talking to a past customer the other day when we got on to the subject of websites.

“Yeah. Our website is awful. It doesn’t work and everything needs updating.”

I was shocked. An out-of-date website is just asking for trouble. It’s like leaving the house unlocked every day while you go out to work. We all know that is a dumb idea.

Now you may be thinking, “Yeah, but there’s nothing of value on my website. Why would someone hack it?” Well, there are quite a few reasons. Even if your website isn’t carrying credit card data or personal identity data, it is still very valuable to hackers. In fact, because you may think it’s unlikely to happen, you are making yourself more of a target.

Smaller WordPress websites are the bread and butter for hackers. They are generally easier to get into and give greater rewards, as it can be days, weeks or months before you realise you have been hacked. If a hacker goes to the trouble of getting into your site, they don’t always want you to know they have got in. They hide their hacks from you, so only Google and/or your visitors can see them.

Secondly, they may have hacked your website to get access to the server and its power, or to spread malware or viruses from your website. This is very nasty and can cause your website to plummet from the Google rankings.

Why do WordPress websites get hacked

Phishing pages. These are pages made to look like an official page, probably of a large bank or online retailer, that try to trick visitors into filling in their login details. They are often linked from large-volume spam emails that drive people to your website to ‘login’ because there is supposedly a problem with their account.

Malvertising (ads). Hackers can hide code on your website pages that redirects visitors to other (often unsuitable) sites, or that simply shows unsuitable adverts on your website. These could be visual or text. I’ve seen links to other websites injected into webpage copy. Unless you read your own web pages you may not notice it.

Sending spam. After hacking the website, they use the power of the server to send 100,000s of spam emails, often spoofing your email address or a company email address.

Drive-by downloads. Code hidden on the webpage automatically downloads malware or a virus on to the visitor’s computer. This is very nasty and can very quickly get you blacklisted in Google as an unsafe site.

How they hack into your WordPress website

Generally, there are two ways they gain access to your website.

1. Poor password security. Make sure you and others who can log in to your website have secure passwords. Use an online password manager if needs be, to manage your passwords for different services. To learn more about choosing memorable and secure passwords read our blog post.

2. They break in via a vulnerable plugin or WordPress version. Therefore it’s very important you keep your WordPress version and plugins up to date. Now, this is easier said than done, because there is a risk of incompatibility when upgrading. Therefore we suggest that when you secure your hosting for the year it includes updates and upgrades, so you can be sure your website is safe.

Take a look at the WP Vulnerability Database. It lists the different versions of WordPress and what problems each version has. If your current website is running one of these versions, then make sure you update as soon as possible.

Hackers are out there constantly scanning the web, using bots to find WordPress websites and then probing each one to find out whether it is running an old version of WordPress.
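To compare a site against that database you first need to know what it is actually running. The sketch below is an added example, not code from the original post: it reads the core version from wp-includes/version.php and each plugin's version from its header comment, then lists anything older than a minimum you supply. The sample install, the plugin name "Example Forms" and every version number in it are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def core_version(wp_root):
    """Read the core version WordPress records in wp-includes/version.php."""
    path = Path(wp_root) / "wp-includes" / "version.php"
    m = VERSION_RE.search(path.read_text(errors="replace"))
    return m.group(1) if m else None

def plugin_versions(wp_root):
    """Map plugin name -> version using the header comment of each plugin file."""
    found, plugins = {}, Path(wp_root) / "wp-content" / "plugins"
    for php in sorted(list(plugins.glob("*.php")) + list(plugins.glob("*/*.php"))):
        head = php.read_text(errors="replace")[:8192]  # headers sit in the first 8 KB
        # reversed() so the first occurrence of each header field wins
        fields = {k.lower(): v for k, v in reversed(HEADER_RE.findall(head))}
        if "plugin name" in fields:
            found[fields["plugin name"]] = fields.get("version", "unknown")
    return found

def as_tuple(version):
    """Turn '6.1' into (6, 1, 0, 0) so versions compare numerically, not as text."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:4]
    return tuple(nums + [0] * (4 - len(nums)))

def outdated(installed, minimum):
    """Names older than the minimum you chose; unreadable versions count as outdated."""
    return sorted(name for name, want in minimum.items() if name in installed
                  and as_tuple(installed[name] or "") < as_tuple(want))

def build_sample(root):
    """Constructed sample install (made-up plugin and versions) so this runs offline."""
    root = Path(root)
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '6.1';\n")
    plug = root / "wp-content" / "plugins" / "example-forms"
    plug.mkdir(parents=True)
    (plug / "example-forms.php").write_text(
        "<?php\n/**\n * Plugin Name: Example Forms\n * Version: 2.3.1\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample(tmp)
        installed = {"WordPress core": core_version(root), **plugin_versions(root)}
        print(installed, outdated(installed, {"WordPress core": "6.1.1", "Example Forms": "2.3.1"}))
```

Point `core_version` and `plugin_versions` at your own WordPress directory, and set the minimum versions from whatever the vulnerability listing and plugin changelogs tell you is fixed.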

Alternatively, if you are not confident to update yourself, then choose a hosting provider who includes it in your website hosting. We do. And it comes with our no-hack guarantee. If the worst does happen to your website while we are hosting it, then we will clean it up and return it to its hack-free version free of charge.

No one can guarantee your website will never get hacked. Look at the high-profile companies that have been. But we can guard against it and make it harder for hackers to get in.

So if you are worried about being hacked or have been hacked, take a look at our hosting services and drop us a line. It may just save you from an embarrassing and costly website disaster.

