3 Reasons Your WordPress Site Could Be Hacked..And What to Do About It

  • By
  • Posted

WordPress users should be aware of the security risks associated with their websites.

Every day, but more realistically, every hour - a WordPress website is hacked. The damages of these hacks can range from a mild annoyance to terribly damaging both to a business’s reputation and the owner's wallet. This post is the first in a series on website security. In this digital era, cybersecurity is no longer an option - it is a mandatory issue.

We can all name big hacks. Equifax, Target and HBO should come to most of our minds.

Leading to the question:

“Who hasn’t been hacked?”

Or more importantly:

“Am I next?”

I don’t intend to use the threat of hackers as a scare tactic, but the seriousness of cyber-threats cybersecurity should be on your mind.

There are many fronts to the cybersecurity battle. From your internal and home networks to your personal health and banking data. The topic I will be discussing today involves your business’s WordPress website.

WordPress is a hacker's favorite for three main reasons:

1. Popularity

WordPress powers 26% of the web and boasts a nearly 60% market share for Content Management Systems (CMS). In other terms, more than 500 WordPress websites are started every day. Checkout more usage statistics here.

No wonder WordPress is singled out as the most hacked CMS in the world. There are millions of opportunities for hackers to exploit and compromise WordPress simply because of the number of sites available. They get a lot of practice.

2. Third Party Add-Ons

Because WordPress is open source, thousands of developers and third party companies can create Themes and Plugins to run on WordPress. These are where the vulnerabilities really begin to stack up.
cc When you install a theme or plugin, you are trusting the work of a developer or company you don’t actually know.

Is the quality of the code excellent?

Has the developer kept the theme or Plugin up to date?

What known bug issues are out there?

Can they be used by a hacker to gain access to your website?


As you can see, Plugins or third party additions to your WordPress website are a very real security risk. But even they aren’t the real reason your WordPress website is at risk.

It pains me to say it, but the real reason is you.

3. Neglect

Many of the vulnerabilities associated with WordPress and third party add-ons can be managed by simply keeping everything up to date.

This may sound simple on the surface, but it becomes extremely complicated as users add Themes, Plugins and other tools to their WordPress sites.

A common issue comes when updating a theme or Plugin. The update will inherently break the functionality of a different plugin. Meaning you are constantly juggling with maintenance issues facing a common question:

Is security worth the headache of constantly disrupting my website’s functionality and design?

Sadly most WordPress websites do not even deal with that headache. They are simply neglected.

Over 56% of the basic WordPress CMSes are not up to date, not to mention the dozens of themes and plugins installed on top. Tragically, many small businesses lack the time and ability to do the important work of properly maintaining their WordPress websites.

Again, my intent in writing this is to inform business owners, like yourself, who are using WordPress, that they can keep their sites safe by taking 2 simple steps:

Use trustworthy plugins and themes

Spend the hours and due diligence to keep your software up to date.

Whether you choose to do it yourself or hire an outside firm, security should a big focus when it comes to your website.

If you looking for a better way to maintain your website, including both design and security, check out our solution to the DIY Dilemma plaguing small businesses and their websites.