Is Your Website Vulnerable to Attacks

WordPress Hacks: Is Your Website Vulnerable to Attacks?

Martin Starkie Online Security

To say WordPress is popular would be an understatement.

The software powers 30% of the whole web and has 60% of the content management system (CMS) market share. It should be no surprise then that WordPress websites are popular targets for hackers.

WordPress hacking?

WordPress hacks are a genuine threat to all WordPress website owners. And they happen quickly and without warning. Often your website will be fine one day and hacked the next. Some estimates have the number of WordPress hacks at 30,000 per day.

But what is WordPress hacking? Hacking simply means a set of methods used to gain unauthorised access to your website. This post looks at the three most important things for you to know when it comes to WordPress hacking:

  • Why do people want to hack your website?

  • What are the most common methods of hacking a WordPress website?

  • How can you protect your website from hacking?

Why do people want to hack your website?

Hackers are usually after only one thing: information. This could be basic information such as emails, addresses, and phone numbers. But it could also be financial information such as credit card details and access to third party apps like Stripe.

In less common cases hackers will use your servers to send thousands of spam emails or infect website visitors with malicious software (viruses, key loggers, etc).

You might think as a small business owner you’re invisible to hackers and an unlikely target. In some ways this is true – very rarely do hackers specifically target companies. And even then, it’s usually for a bigger reason like mass payment data or political affiliation.

But the truth is many WordPress hacks are automated. In the eyes of an algorithm your website is just another potential target.

WordPress Hacks: Is Your Website Vulnerable to Attacks

How do hackers get access to websites?

Hackers use vulnerable access points to gain entry to websites. There are three main sources of vulnerability when it comes to WordPress.

  • Hosting and server security

    Shoddy hosting providers might not keep their servers up-to-date with the most recent software. This exposes your website to vulnerabilities – updates are there for a reason and it usually has something to do with fixing an exploit that’s come to light.

  • Backdoors

    Sometimes hackers will create a backdoor, allowing them to bypass the WordPress login page and directly access your website. There are many ways to do this and the best defence is keeping your software current.

  • Brute force

    This is the simplest method and one WordPress is known to be especially vulnerable to. Hackers simply try to guess your username and password again and again and again until they’re successful. Usually it’ll be a piece of software trying all sorts of combinations at terrifying speeds.WordPress is vulnerable because by default all usernames are set to ‘admin’ and unlimited login attempts allowed. These can be changed.

How can you prevent WordPress hacks?

It’s surprisingly simple to keep your WordPress defences up:

  • Ensure your WordPress core files are up to date

  • Uninstall and delete any unused add-ons and files

  • Download files and add-ons from trusted sources

  • Use strong passwords

  • Enable 2-factor authentication

  • Change the default ‘admin’ username

  • Choose a reputable hosting provider… See our web hosting services

Choosing a good web management company will also go someway to securing your website. Things such as changing the default log in settings, setting up strong passwords, and choosing secure providers are often done during the initial WordPress set up – if the company knows what they’re doing.

Online security is a big issue that’s only going to become more important in the future. You need to be prepared and aware of all the security issues your website faces.

Need a Web Technical Support Team?

Drop us a line for a friendly chat about your website on 01282 618210 or...

Share this Post