Most of us have just heard it on the news or read it on some techie blog, while a small percentage of people might have experienced it firsthand, maybe because they were simply unlucky or naive enough to never update WordPress core and its plugins: WordPress websites get hacked more often than you might think.
Hackers are looking to break into your WordPress site. That’s a fact.
Let’s put it simply: WordPress powers close to 30% of the entire web (as of February 2018). That’s a humongous number of websites, enough to make this CMS a juicy target for malicious hackers around the globe, who can set up automated systems to find and attack even thousands of websites at a time.
If you’re thinking that your site is too small or new to earn the attention of hackers, think again. It has recently been brought to attention that a skilled enough person can find fresh WordPress sites within 30 minutes of their creation.
But why would a malicious hacker be interested in your small hobbyist website?
There are a lot of reasons to be interested in hacking a big and famous website, but countless more in hacking small and unknown ones. Here are the 10 most common reasons for hacking a WordPress website:
1. Spread viruses and malicious software
Malicious hackers could place dangerous content on your website directly by injecting malicious code into your PHP files, or by uploading viruses, malware, adware, etc. When your visitors interact with that piece of code or download the file, they unwillingly and unknowingly help to spread the “infection”.
2. Store illegal files
Torrents, stolen confidential data and, in a worst-case scenario, other illegal content such as child pornography could be hosted on your website without you noticing it for a long time. The only obvious indication that your website has been hacked for this purpose would be a spike in disk and bandwidth usage, so keep an eye on them from time to time.
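One way to keep an eye on bandwidth is to total the bytes served per day from the web server's access log and flag days far above the usual level. The following is an added example, not part of the original post; the sample log lines, the 5x-median threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2018:09:01:12 +0000] "GET / HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2018:11:20:40 +0000] "GET /about/ HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Feb/2018:08:15:03 +0000] "GET / HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Feb/2018:08:15:09 +0000] "GET /blog/ HTTP/1.1" 304 - "-" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2018:10:02:44 +0000] "GET / HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
192.0.2.44 - - [13/Feb/2018:02:11:58 +0000] "GET /wp-content/uploads/2018/02/a.zip HTTP/1.1" 200 734003200 "-" "curl/7.58.0"
192.0.2.45 - - [13/Feb/2018:02:13:10 +0000] "GET /wp-content/uploads/2018/02/a.zip HTTP/1.1" 200 734003200 "-" "curl/7.58.0"
203.0.113.5 - - [13/Feb/2018:09:30:00 +0000] "GET / HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
""".splitlines()

LINE_RE = re.compile(
    r'\[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def bytes_per_day(lines):
    """Sum response bytes per day and per (day, path)."""
    per_day = defaultdict(int)
    per_path = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["size"] == "-":
            continue  # malformed line, or a response with no body (e.g. 304)
        per_day[m["day"]] += int(m["size"])
        per_path[m["day"]][m["path"]] += int(m["size"])
    return per_day, per_path

def find_spikes(per_day, factor=5.0):
    """Days whose traffic exceeds `factor` times the median day."""
    if len(per_day) < 3:
        return []  # not enough history for a baseline
    baseline = median(per_day.values())
    return [d for d, b in per_day.items() if b > factor * baseline > 0]

def top_paths(per_path, day, n=3):
    """Largest consumers of bandwidth on a given day."""
    return sorted(per_path[day].items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    per_day, per_path = bytes_per_day(SAMPLE_LOG)
    for day in find_spikes(per_day):
        print(day, per_day[day], top_paths(per_path, day))
```

On a flagged day, the top paths show which files account for the traffic, which is where to look for content you did not upload yourself.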
3. Host phishing pages on your website
Hackers can create a fake page on your WordPress site in an attempt to collect information from visitors willing to give it. They can do this by simply embedding a contact form on any of your pages or by redirecting your visitors to another website where that information will then be lifted. Google regularly blacklists thousands of websites because of countless phishing scams.
4. Steal your bandwidth
Bandwidth is an expensive and sought-after resource, and your WordPress website could be targeted to use (and abuse) its bandwidth. Stolen bandwidth is typically resold to generate profit or used for VoIP, torrents and other similar purposes.
5. Black-hat SEO campaigns
Someone can hack into your WordPress website in order to carry out their black-hat SEO campaigns. For example, by adding keywords and backlinks to their pages on thousands of WordPress websites, they aim to rank better in search engine results.
6. Stealing personal, private or business information
If you let your visitors register on your website, buy a product or a service, or share sensitive information with you, a hacker could be interested in gathering their information for their own purposes. Sending mass spam emails, stealing passwords or credit card numbers, and selling private information are among the most common ways of using stolen data.
7. Mining cryptocurrencies
With the tremendous increase in the value of cryptocurrencies in 2017, another common reason to hack a WordPress website is to use your visitors’ CPUs to mine various cryptocurrencies. This can be easily done by adding a small piece of code to your PHP files. As a result, your visitors’ computers will start to slow down while visiting your pages, their cooling fans will become noisy and annoying, and you might lose web traffic and trust in your brand.
8. Hacktivism
The internet is the land of the free… kind of. Everyone can have a website and publish his/her thoughts, but not everyone will agree with the message they are trying to promote. Your website could get hacked for what is commonly known as “hacktivism”, to show the world that someone does not support what you’re saying. This could happen especially if your website is about delicate topics like politics, religion, and other common aspects of modern society.
9. DDoS attacks
Your website can be taken down by overloading your web server with a huge amount of incoming hits. This is known as a distributed denial of service (DDoS) attack, and it’s carried out for multiple reasons: a simple vendetta against your brand or persona, to demand a ransom, or maybe just as part of a major widespread attack.
10. For fun or as a learning experience
Hacking is fun, and a WordPress website could be a great playground for wannabe hackers to learn the basics. Not all hackers are “evil”: there are many ethical hackers who work to make the internet a better place, but some others might have personal and malicious interests, or maybe they are simply not aware of the consequences of their actions.
How can you protect your website?
As a website owner, make sure to take WordPress security seriously. WordPress is not 100% bullet-proof, but don’t be scared. There are some steps you can take to put up a good defense and reduce the risk of getting hacked to a very low probability.
Here is a quick checklist for you:
- Always keep your WordPress core, plugins and themes updated
- Do regular and frequent backups of your files and database
- Choose a good hosting provider or properly configure your servers
- Use a good WordPress security plugin
- Enable an SSL certificate, even a free one is great
- Use strong and unique passwords
We can help you with all this!
By letting us take care of all your WordPress needs, you will have more time to dedicate to your business. Our WOptimization plans are what you need to keep your website secure, fast and always up-to-date.