How & Why WordPress Sites Get Hacked
July 22, 2020
WordPress started as a blogging tool; however, throughout the years, it evolved into a robust and powerful website builder and content management system (CMS). According to a survey from 2019, 32.3% of all the websites on the internet are powered by WordPress.
WordPress has become so popular because it is versatile, SEO friendly, free, and open source. However, like any CMS, it’s also vulnerable to attacks. Depending on the damage, a hacked website may take some time to recover and, in some cases, cost the business a lot of money.
As a business owner or website manager, there are preventive measures you can take to protect your WordPress website from being attacked. Before we jump into them, let’s review the top 5 reasons why WordPress sites get hacked.
1. Outdated CMS, plugins, or themes
When a website runs on an outdated WordPress version, plugins, or themes, its vulnerability increases. Updates are meant to fix bugs, improve performance, add features, increase security, and more. If they are not applied, hackers can take advantage of the weak points.
2. Poor security practices
Poor security practices also leave WordPress websites vulnerable to hackers’ attacks. A few safeguards you could add to your site include enabling two-factor authentication, staying on top of the activity logs, and installing a WordPress security plugin.
3. Password not strong enough
Using strong passwords is a must. Don’t just comply with the length WordPress suggests when creating one; use a combination of characters, letters, and numbers. There are plugins you can install that enforce strong password policies; one of them is Password Policy Manager.
4. Web hosting is not safe
Another factor that influences the security of your website is how safe the hosting is. Web servers that are not securely protected aren’t able to block attacks, which can mean that one or several of the websites hosted on the server will be affected.
Several companies offer WordPress hosting services. Our preferred host, and the one we use at Hite Digital, is SiteGround. They have great support and are proactive with their updates and special features dedicated to WordPress sites.
5. Using FTP over SFTP/SSH
It’s common for web developers to request FTP access when updating the website, creating a new one, or uploading new files. FTP connections allow access to the storage of the website’s data without the need for providing hosting access.
If you get asked for FTP access, check the protocol options with your web hosting manager and pick SFTP or SSH, as they are safer and will send your password encrypted to the server.
Wrapping Up What We Learned Today
WordPress is powerful and a top choice for SEO. Staying on top of security and taking preventive measures will help avoid attacks. Some of the actions you can take are:
- Regularly update the WordPress version, plugins, and themes
- Put good security practices into practice
- Use long, strong passwords and install a password policy plugin
- Choose a secure web hosting with excellent customer support
- Use SFTP or SSH
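As a way to check the first and last items on this list, the following added example (not part of the original article) reports components with pending updates and file-transfer endpoints that are not SFTP or SSH. It assumes the site is managed with WP-CLI, which the article does not mention, and reads the JSON that `wp plugin list --format=json` prints; the plugin names and endpoints are constructed samples.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape `wp plugin list --format=json` prints.
SAMPLE_PLUGINS = """[
  {"name": "contact-form-example", "status": "active", "update": "available",
   "version": "5.1.0", "update_version": "5.3.2"},
  {"name": "seo-example", "status": "active", "update": "none",
   "version": "14.2", "update_version": ""},
  {"name": "old-gallery-example", "status": "inactive", "update": "available",
   "version": "1.0.4", "update_version": "1.2.0"}
]"""

# Constructed list of the access endpoints handed out to developers.
SAMPLE_ENDPOINTS = [
    "ftp://deploy@example.com/public_html",
    "sftp://deploy@example.com:22/public_html",
]

# The two protocols the article recommends.
RECOMMENDED_SCHEMES = {"sftp", "ssh"}


def outdated_components(list_json):
    """Return (name, installed, available, status) for items with a pending update."""
    findings = []
    for item in json.loads(list_json):
        if item.get("update") == "available":
            # Inactive plugins are reported too: their files are still on the server.
            target = item.get("update_version") or "unknown"
            findings.append((item["name"], item["version"], target, item["status"]))
    return findings


def not_sftp_or_ssh(urls):
    """Return endpoints whose scheme is neither SFTP nor SSH (for example plain FTP)."""
    return [u for u in urls if urlparse(u).scheme.lower() not in RECOMMENDED_SCHEMES]


def report(list_json, urls):
    """Build one human-readable finding per outdated component or weak endpoint."""
    lines = [f"OUTDATED {n}: {have} -> {want} ({status})"
             for n, have, want, status in outdated_components(list_json)]
    lines += [f"WEAK TRANSFER {u}: switch to SFTP or SSH" for u in not_sftp_or_ssh(urls)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_PLUGINS, SAMPLE_ENDPOINTS)))
```

The same function works on the output of `wp theme list --format=json`, which uses the same fields.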
We encourage you not to limit yourself to these tips when securing your site. If you have questions or require web design services, we will be happy to help.