WordPress: it sounds as wholesome as apple pie and Chevrolet. Okay, I’m exaggerating a little bit here… People like WordPress because it’s easy and quick to set up. So easy that the WordPress blogging platform often becomes a makeshift CMS. And when this happens, it’s also easy for hackers to compromise your WordPress site. Here’s why you should never use WordPress for anything other than a blog.

And one comment before I start. I like to say, there are two types of WordPress users.

  1. Those who HAVE been hacked, and…
  2. Those who WILL be hacked.

Now here are 3 reasons why your WordPress site will get hacked.

1. Hackers Know It’s Vulnerable

Let’s be honest, hackers do exist. The reasons they hack sites may not always be obvious, but knowing a website is built on WordPress is easily one of them. Many hackers take the path of least resistance, and WordPress is not known for being the most protected platform. The platform powers nearly 75 million active websites. That’s approximately 27% of all websites globally and 59% of the total CMS market share. Such a large footprint makes it easier for hackers to discover a weakness on one site and exploit other sites with the same weakness. It’s basically like a cookie cutter template for hacking.

According to an infographic by WP Template, these are the most common points of entry into WordPress websites:

  • 41% get hacked through vulnerabilities in their hosting platform
  • 29% by means of an insecure theme
  • 22% via a vulnerable plugin
  • 8% because of weak passwords

As you can see from bullets 2 and 3, over 50% of these entry points come directly from WordPress, through its themes and plugins.

2. General Admin and Login Page

Speaking of cookie cutter, nearly all WordPress instances have ‘admin’ as the username, and the login page can be reached at either /wp-admin or /wp-login.php. This might not seem like a big deal, but WordPress basically gave hackers an online map to your front door. Once a hacker is there, they can begin guessing your password. I know, it’s unlikely that someone is sitting at their computer attempting to guess your password by hand. That’s because most hackers use software that enters random passwords on their behalf. This is often faster and more effective than guessing themselves.

3. Open Source Software Updates

One of the top selling points of WordPress is its plugins. However, that is also one of its biggest risks. You save time and money by not needing custom coding, but you are also at the mercy of the plugin developers. With so many plugins and software updates happening on one platform, your site will quickly become outdated as plugins and software become incompatible and put your site at risk.

The other risk lies in the open source nature of WordPress. Since the system publicizes the changes and security measures made with each release, that information is as easily available to hackers as it is to your own web developers. I get it, exact code changes aren’t detailed, but anyone with some backend development experience can read the public information, identify the vulnerabilities that were corrected in the newest release, and know exactly where to target websites running previous versions of the software.

Tips to Protect Your WordPress Website from Hackers

  • Choose a reputable hosting provider
  • Perform regular backups (quality hosting providers should do this already)
  • Fortify your login
    1. Update your “strong” password frequently
    2. Limit login attempts
    3. Hide your login page
  • Keep WordPress and your plugins up to date
  • Hide WordPress version number
  • Disable plugin and theme editor
  • Turn off PHP error reporting