Under Attack: Why WordPress Sites Are So Popular with Hackers

30,000. That’s how many websites tech security experts and analyze estimate are hacked every single day, a staggering number even when you consider there are some 644 million active sites operating at any one time. And given these statistics, it’s little wonder why website security is such a booming business around the globe.


However, most people don’t consider an equally startling fact: WordPress sites are some of those most commonly attacked. Indeed, ask anyone who owns or operates one of the popular CMS platforms and they’ll likely tell you that—if they’re a vigilant administrator—they’re constantly configuring and reconfiguring their site for security and installing several different systems in an effort to keep the hackers out.

Why are WordPress sites so attractive to the malicious individuals lurking in the virtual world? One reason breaks down to a simple statistic: there are more than 75 million sites operating on the platform, so it would stand to reason that they would be extremely and easily targeted opportunities.

However, there are other reasons why WordPress sites are constantly under attack, and most of the reasoning draws from the motivation hackers have to aim their efforts here. Industry experts identify three key reasons: to send out spam email; to gain access to your data, client mailing lists and customer credit card information; and to gain entry to your site with the intention of downloading malware onto your computer and, in turn, onto the computers of your end users in a prelude to a large-scale attack that requires hundreds, thousands or even millions of machines to be successful.

By its very nature WordPress is ripe for hackers: as a platform that utilizes open source code—anyone can use, share it etc.—there is a ton of information being bandied about at all time. Additionally, WordPress relies on tons of plug-ins and add-ons, which means there are even more places for a security leak to develop. And when a crack in WordPress security is detected, too often the “black hat” hackers exploit that vulnerability before “white hat” hackers (those that report the problem so it can be patched and fixed quickly) can call the problem to the attention of the larger WordPress community. So the very thing that makes WordPress vulnerable also, fortunately, makes it one of the most secure CMS you can use thanks to lots of eyes keeping watch.

That said, there are some smart steps you can take—beyond the basics that come with the platform—that can greatly increase the safety of your site.

For one, before you install a new plug-in do a little research and check it out thoroughly to make sure there isn’t any online chatter regarding known and unfixed issues. Additionally, if you really want to cover all your bases consider enlisting the help of an outside company that specializes in WordPress security. These companies can do regular scans on your site for attacks and also automatically remove any malware that might pop up without you having to even thing about it.

Lastly, stay up-to-date with the security and bug fixes that WordPress offers, and keep tabs on what the online community of users is saying: as previously mentioned, they’re a fantastic source—perhaps the best source—of information for what’s new in the world of WordPress vulnerabilities and security.

Share This Post

Subscribe To Our Newsletter

Get updates and learn from the best