Why Do WordPress Sites Get Hacked?

< Blog
Updated on: August 23rd, 2022Frank Falco7 min read
Why do wordpress sites get hacked

One of the worst things that can happen to your website is getting hacked. Along with the feeling of being violated, there is the accompanying fallout that goes with it such as site downtime, loss of web traffic and of course loss of trust with your audience. As a top web development company, we understand all too well the frustration and issues related to this problem which is why today we wanted to discuss ‘why do WordPress sites get hacked’ as part of our series on website security.

Why are we being hacked?

Hacking has existed as long as computers have been around. The term itself is based on “hacks” or shortcuts that programmers would create to help modify the performance of a computer’s functionality including the operating system and various applications. From that point things slowly evolved, often involving intelligent programmers who were looking for a challenge in regards to accessing systems.

Typically hackers are younger and have less understanding of the amount of damage they might cause to others when they hack someone, much like when people spray graffiti on a building. Boredom or activism can come into play for some sites. There are also those that use hacking as a way to generate income via theft of data to be sold on the dark market.

Sometimes a hacker uploads malicious code to a site (malware) which is then spread to the users of the site. There are also Blackhat SEO spam campaigns where users get directed to pages that generate affiliate revenue. Finally some hackers just look to steal resources like bandwidth or physical server resources.

So why do WordPress sites get hacked so often?

The simple answer is because the platform is so popular that once you understand some of the basic security vulnerabilities you now have access to a lot of sites to go after. There are hundreds of millions of WordPress sites out there, and while the core is fairly secure, since there are so many themes and plugins people can add to their site (some with coding that might not be highly secure) the possibility of finding a flaw that gains you access to thousands of sites is much greater than focusing on smaller platforms.

How attackers gain access to WordPress sites

There are a lot of ways a hacker can gain access to a WordPress site but by far the most common method is to attack a plugin. The next most common attack is one of brute force. While core attacks along with themes, the host and file permissions occur as well, plugins and brute force attacks comprise over 70% of all risks.

There are over 47,000 plugins available in the WordPress plugin directory. That number does not include the thousands of unofficial plugins you can find floating around the internet. Much like apps, plugins are created by thousands of different people using different styles of coding and having the possibility of different exploitable errors. Plugins that are out of date, have been abandoned, or are not from reputable sites are often very vulnerable to attack.

There are also brute force attacks where hackers go after usernames and passwords. Once usernames have been guessed or obtained it is then a process to guess the password associated with that username. The reason this type of attack is still successful even with all the security measures we can put in place is because people are still very fallible and tend to do similar things out of ease such as using easily memorable names and passwords like your first initial and last name along with a birth date.

What can you do?

There are a few steps any website owner can take to help protect themselves which includes:

  • Never use Admin – The user called “Admin” is one of the most abused hacks out there. By knowing a primary user name already you have given hackers one piece of data to try and exploit. Instead generate a more random user name for the Administrator, but not something egocentric like God or King. Obvious names should be avoided along with usernames based on names of anyone who is listed on your site.
  • Check Plugins – Prior to installing any new plugin, research it carefully for known issues including things that haven’t been fixed yet. Then you can make a choice about security versus the usefulness of the plugin.
  • Hiring a professional service – There are many service providers out there, like ourselves, that provide security and assurance services on a monthly basis. This means you have a team at your back to handle protecting your site, looking for security issues with plug-ins and updates along with having your site backed up regularly so you can get back up in case something does go awry.
  • Reputable Sites – Never use plugins from non-reputable sites. For the most part we recommend only using plugins from the official WordPress directory. However if you do go somewhere else make sure you spend time researching them like you would any store before you make a purchase.
  • Use Wordfence – The free version of Wordfence includes login security features which can help prevent against brute force attacks.

The bottom line is that hackers and internet attacks are part of the world we live in. There are just people out there that do things that are harmful, illegal and annoying for their own gain. We have covered the basics about why do WordPress sites get hacked this week but if you want more information on how you can be protected feel free to contact us to discuss our Security and Assurance program.

Be sure to check back every Monday, Wednesday and Friday for great new top web development company blog articles.


Published on: December 7th, 2016
Blog cta banner bg


Related articles

3 easy ways to increase conversions on your website
4 min read

3 Easy Ways To Increase Conversions On Your Website

August 23rd, 2022

Getting people to your website is just one of the battles; earning conversions is what wins the war. Top website development companies know that some of [...]

The 5 email marketing techniques you should never use
6 min read

The 5 Email Marketing Techniques You Should Never Use

August 23rd, 2022

Email marketing is a very powerful tool in your marketing bag of tricks. However there are certain things that some marketers are doing regularly that actual [...]

Personalize your website with these 5 easy tips
5 min read

Personalize Your Website With These 5 Easy Tips

August 23rd, 2022

Personalization has been a hot topic lately as it relates directly to the user experience, which we all know has become paramount online. Most people enjoy [...]

Beware of web design company shells
6 min read

Beware Of Web Design Company Shells

August 23rd, 2022

It is a sad fact in today’s marketplace that you need to beware of web design company shells. There is a reason that people and businesses [...]

Should you be using audio branding
5 min read

Should You Be Using Audio Branding?

August 23rd, 2022

Branding is extremely important to your business because it helps consumers recognize and remember a product or service. It can help you connect to customers on [...]

Top 10 web design flaws that alienate mobile users1
6 min read

Top 10 Web Design Flaws That Alienate Mobile Users

August 23rd, 2022

Mobile users are the most common type of internet user these days and because of this, they are not a group that you want to alienate [...]

Why Do WordPress Sites Get Hacked?
Share On:
Newsletter Sign Up

"*" indicates required fields

0 of 60 max characters
0 of 60 max characters

Request a Proposal

Fill Out Our Form & We’ll be in Touch Shortly

"*" indicates required fields

Type of Project*

New York City
112 West 34th Street
18th Floor
New York, NY 10120
Long Island
991 Main St.
Suite 200
Holbrook, NY 11741
Washington D.C.
1101 Connecticut Avenue NW
Suite 450
Washington, DC 20036
424 Church St
Suite 2000
Nashville, TN 37219
Los Angeles
1100 Glendon Avenue
17th Floor
Los Angeles, CA 90024
1221 Brickell Ave
Suite 900
Miami, FL 33131
170 Meeting Street
Charleston, SC 29401
919 E. Main Street
Suite 1000
Richmond, VA 23219