WordPress is the most popular platform used on websites today and is used by 41.4% of the top 10 million websites as of May 2021. It is open source software, which means the software is free to download, take apart, rewrite and contribute to. It also means that if the proper security measures are not in place, it is vulnerable to hackers.
What does hacked mean?
Typically, once hackers gain access, they add malware files to the server. This malware can redirect users to another website or replace or add content on your pages, or the hackers can take the site down completely.
Common reasons websites get hacked:
Shared or Insecure Hosting
Unfortunately, I have had customers whose website was hacked. In all cases they were using one of the many discount hosting companies. The hosting environment was “shared,” which means that along with sharing the resources on the server, you are also sharing malware. If one of the sites on the server gets hacked, your site is likely to get hacked as well. For more information on choosing a good host read this article.
No SSL Certificate
An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser. Companies and organizations need to add SSL certificates to their websites to secure online transactions and keep customer information private and secure, for example customer data from an online transaction or from filling out a contact form. When you see a padlock icon next to the URL in the address bar, that means SSL protects the website you are visiting.
Plugins are responsible for many hacked sites. Plugins are software added to a site to extend the functionality. Some examples of plugins are contact forms, image galleries, and ecommerce. Plugins can be free or downloaded for a fee. In either case it is very important to keep plugins updated with the latest security fixes. Outdated plugins are an open door for hackers.
WordPress and Theme not Updated
Like plugins, WordPress itself needs to be kept updated, along with the theme that is installed on the site. It’s always a good idea to have a maintenance plan in place so that all the software on your site is updated on a regular basis.
Weak WordPress Login and Password
The WordPress login can be the entry point for hackers. A secure password is the first step to a safer site. You can also add two-factor authentication to your WordPress login. Two-factor authentication adds an extra step to the login process but can be very effective in keeping hackers away. A plugin that I have used and had success with is Google Authenticator. It works in conjunction with an app you install on your phone. The app will display a string of numbers that you then enter in the WordPress login form.
Let us know if you suspect your WordPress website has been hacked. We can clean it up and move your site to a secure host.