WordPress has become one of the leading web platforms that powers millions of websites. Unfortunately, for WordPress, they have also become a major target for hackers.
With news surfacing of a new vulnerability, WordPress users need to be aware of the vulnerabilities and the dangers of running an out of date or unsecured WordPress installation.
What can happen if your WordPress site is attacked
Many WordPress hacks begin with Hackers injecting malicious programming into the website which grants them control over the site. Once a hacker has control of a website they can install programs to infect your visitors, compromise your secure data, redirect your site traffic to a new website entirely, and much more.
Hacked websites will often contain pharmaceutical terms (Viagra, Cialis, weight loss pills) or other spam that is unrelated to the website. Hackers can conceal this content in code so that is not visible to the human eye, but is visible to Google bots or other search engines crawling your site. Once this information is indexed by Google, people searching for your site will instead see search results for pharmaceutical companies which originate from your site URL.
Another common form of WordPress hacking involves redirecting your website URL to a different site, or redirecting individual links within a website. For example anyone visiting http://yoursite.com would instantly be forwarded to another website determined by the hacker. The latter method involves the hacker selecting individual links within a website that when clicked will then redirect the user to a new site. This method is much harder to detect.
Why Hackers target WordPress
Since WordPress is an open source platform that powers millions of websites, it has become a target for hacking due to the high volume of sites and extensive documentation that is available. Each time WordPress is updated, they publicly release an update with the new changes and security measures making it easy for hackers to determine possible vulnerabilities in past versions and capitalize on them. Also, WordPress site owners make it easy for hackers to access their site because many of them are not routinely upgrading and securing their sites.
How You Can Secure Your WordPress Site
While there is no way to guarantee 100% security there are a number of preventative measures we recommend.
- Avoid easy passwords and update all passwords routinely
- Always keep the most current version of WordPress installed
- Keep all plugins up to date
- Keep your site clean – delete unused files, media, and plugins
- Monitor for malware
- Choose the right web host
We are here to help
If your WordPress site has been compromised, or is vulnerable to attacks, we are here to help. Our team will upgrade your site to the newest version of WordPress, update all passwords, complete a full site backup, and implement multiple security features to secure your site against future attacks.
Learn more about our WordPress services and security or contact a consultant today.