Makerere University

Enter a keyword or two into the search box above and click search..

How Wordpress Sites Get Hacked (And What To Do About It)

You are here


Having your WordPress site hacked is one of the biggest nightmares for any website owner.

From one moment to the next, your site is shut down. Traffic plummets and all the energy, effort, time, and money you put into your site is on the brink of being lost entirely.

Finding and fixing the problem is hard work, however, not as hard as winning back your audience’s trust or getting your site off spam blacklists.

While getting hacked is never pleasant, it is much more common than you would think.

The ascent of WordPress has painted a large bullseye on the back of the CMS and turned it into a favorite target for hackers.

In 2012 alone, more than 170,000 WordPress websites were hacked — a number that is likely much higher by now.

To spare you this unpleasant experience, in this article we will look at the reasons hackers target WordPress websites, the most common ways they gain access and what measures you can take to protect yourself.

This is compulsory reading for any WordPress website owner, so take notice!

Why Would Anyone Want To Hack Your WordPress Site?

Especially owners of smaller websites often think themselves an unlikely target for hackers.

After all, why would anyone care about your tiny blog? What could hackers possibly have to gain from compromising it?

However, when it comes to being hacked, traffic size, or popularity are not the deciding factors.

Hacking Attempts Are A Matter Of Opportunity

The first thing you need to understand is that it’s not about your site in particular or you personally. Most sites get hacked merely because it’s possible.

Only in rare cases do hackers have a specific reason to go for a particular site. However, that’s mostly true for large corporations like Sony.

For mere mortals like us, most of the time hackers go for our sites because we give them an opening, unknowingly as it may be.

Therefore, it’s not about logic or whether it makes sense to hack your site. No matter how small or insignificant your traffic, you are always a viable target.

Most Hacking Attacks Are Automated

One of the main reasons hackers don’t differentiate between the sites of different sizes is that attacks are almost always done automatically.

If you think someone typed your site address into a browser bar and had a good snoop around til they found something, you’d be dead wrong. This type of approach would be completely uneconomic from a hacker’s point of view.

Instead, just like search engines, hackers use bots to crawl the net. However, instead of indexing content, their bots sniff out known vulnerabilities. Automating the process allows hackers to attack many sites at once and thus increase their odds of success dramatically. Economies of scale at its best.

Thus, if your site gets hacked, it’s probably because it popped up on the radar of an automated script, not because someone consciously decided to target you.

Read more from this link