Why Are There So Many WordPress Attacks?

< Blog
Updated on: August 23rd, 2022Frank Falco5 min read
Why are there so many wordpress attacks

Why are there so many WordPress attacks? It seems like every month or two we see headlines about large scale hack attacks against WordPress sites and if your business utilizes WordPress, then those headlines often cause quite a bit of panic. Did my site get breached? Website development companies get a tremendous number of emails after large scale attacks wondering why this happens so often and what they should do about it.

So let’s discuss it.

The WordPress phenomenon

The simple reason that WordPress is in the news so often is because of the popularity of the platform. If the platform wasn’t such a phenomenon in the industry it would not be so regularly attacked.

As far as content management systems (CMS), WordPress has about 60% of the total market share. There are approximately 500 new website being created each day on WordPress and according to estimates they power about one-quarter of the web.

If you look at hacking like any other type of business venture it makes perfect sense as to why so many hackers focus on WordPress; it is the biggest customer in the marketplace.

REST API Vulnerability

The most recent attacks are remote command execution (RCE) attempts against the WordPress REST API that was added and enabled by default on WordPress 4.7.0. This was rated as a severe security risk because of the ability to inject code into posts that would then introduce a backdoor into a file.

Some of the attacks resulted in defacing of sites. While this is certainly disruptive, this would be the least concerning attack. Many experts feel that it is only a matter of time before hackers look for greater exploitation that creates a way for them to make money. One monetization though would be injecting ads, affiliate links or spam SEO to a site for their gain.

If done on enough sites this could result in short term monetary gain before sites realize they have been compromised over the next few weeks or even months.

Should I not use WordPress?

WordPress is extremely popular for a lot of reasons; most prominent is that as a content management system it is the best on the market. It is available in 56 languages. There are also over 40,000 plugins, which while offer some problems in relation to security also means you have a high level of customization available.

If you are using WordPress then you should keep doing so but make sure you include some level of protection for your site. For those who are deciding on a CMS, there is no reason not to choose WordPress. Again, you just need to be mindful of your internet security – which you should be doing regardless of the platform you use.

How can I protect my site?

First things first – update to WordPress 4.7.2 now. This will protect you from the latest security breach. Another solution is to have a web maintenance plan which typically includes security updates, website maintenance such as WordPress plugin installation and bug fixes.

You can also disable plugins that run PHP directly from the posts as this creates the vulnerability that is being exploited. Certain firewalls can also provide added layers of protection for WordPress sites if they use things like virtual hardening.

Finally you should be very selective with what plugins you are going to use. They should come from reputable sites and be carefully reviewed before installation.

The bottom line is that any site can be attacked and even breached if the attacker finds something exploitable and has enough knowledge, skill and computing power to cause a breach. There are so many WordPress attacks because of the popularity of the platform which means if you can violate one site it is likely that you can breach hundreds more which makes for an inviting target to hackers. Much like with home protection from burglars you need to regularly access and review your vulnerability and then take adequate steps to keep your house as safe as possible.

Be sure to check back every Monday, Wednesday and Friday for great new Lounge Lizard blog articles.

Published on: February 13th, 2017
Blog cta banner bg


Related articles

How should you pick a domain name
5 min read

How Should You Pick A Domain Name?

August 23rd, 2022

How should you pick a domain name? This is a fairly important decision for your business as typically you will have this name for quite some [...]

Do you need paid media for successful marketing
5 min read

Do You Need Paid Media For Successful Marketing?

August 23rd, 2022

Do you need paid media for successful marketing? After all, why buy the cow when the milk is free? But what happens when nobody is drinking [...]

The app development tips article you need to read
5 min read

The App Development Tips Article You Need To Read

August 23rd, 2022

It is hard being a mobile app developer because there is a lot of competition out there to try and build a top grossing app in [...]

Is podcast advertising right for you
4 min read

Is Podcast Advertising Right For You?

August 23rd, 2022

Podcasts are an interesting format for audio storytelling that has a growing number of listeners. Due to this increase, more people and businesses are expressing interest [...]

How to properly build rapport via email outreach
7 min read

How To Properly Build Rapport Via Email Outreach

August 23rd, 2022

Email outreach is a powerful tool when used effectively and quite honestly a waste of time when used improperly. Today we want to discuss how to [...]

The top 3 digital marketing pitfalls most businesses make
5 min read

The Top 3 Digital Marketing Pitfalls Most Businesses Make

August 23rd, 2022

  When you run a business there are a lot of things that need your attention on a regular basis from sales to marketing to even [...]

Why Are There So Many WordPress Attacks?
Share On:
Newsletter Sign Up

"*" indicates required fields

0 of 60 max characters
0 of 60 max characters

Ready To Grow Revenue?

Digital Experiences That’s Driven Growth Since 1998

"*" indicates required fields

Help My Business*

New York City
112 West 34th Street
18th Floor
New York, NY 10120
Long Island
991 Main St.
Suite 200
Holbrook, NY 11741
Washington D.C.
1101 Connecticut Avenue NW
Suite 450
Washington, DC 20036
424 Church St
Suite 2000
Nashville, TN 37219
Los Angeles
1100 Glendon Avenue
17th Floor
Los Angeles, CA 90024
1221 Brickell Ave
Suite 900
Miami, FL 33131
170 Meeting Street
Charleston, SC 29401
919 E. Main Street
Suite 1000
Richmond, VA 23219
Video popup bg
Important Message from our
Co-Founder Ken Braun

"*" indicates required fields

12 Best Tech Website Designs in 2024