4 Common Reasons Why WordPress Sites Get Hacked
Welcome to episode 18 of the Websites Made Simple podcast, where I am covering 4 common reasons why WordPress sites get hacked and what you can do to prevent it.
Most entrepreneurs don’t understand why hackers go after small businesses. Like millions of WordPress users, they believe that they are safe because they are small…
…but small websites are the best websites for hackers to break into!
Fortune 500 companies have the money and manpower to create iron-clad firewalls, so their websites are a lot harder to hack. There are plenty of hacktivist groups that are obsessed with large organizations, but most hackers will go for the low-hanging fruit.
Small businesses are vulnerable because they think that they are invulnerable, and as a result, their websites can be hacked in a matter of seconds.
WordPress has a wide range of features that can protect your website from hackers, but your login information is your first line of defense. Hackers use software programs that try millions of alphanumeric combinations, and with enough time, they will be able to crack the password for your admin account.
We’ve seen the damage that hackers can do to vulnerable WordPress sites, and we don’t want to see the same thing happen to our clients. They know that a complex password can protect their website from hackers, but unfortunately, they used words, phrases, and numbers that are easy for computer programs to crack.
Weak passwords are one of the most common reasons why WordPress sites get hacked. If you are looking for an easy way to protect your website from hackers, these tips will help you change your login information:
- Create a long password (such as “9124nsasi29430k39c@924”) that doesn’t include any words; the more characters it has, the longer it will take to crack.
- Use letters, numbers, and symbols in your password, because a hacker will have to try more combinations before hitting on a match.
- Sometimes hackers get lucky, and the last thing that you want to do is to give them enough time to find your password. Change your login information every 90 days to make it more difficult for them to hack into your account.
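To make the first two tips concrete, here is an added example (not from the podcast) that audits a password against them and estimates how long a blind brute-force search would take. The word list, the 16-character minimum and the guess rate of 10 billion per second are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample list; a real check would use a large dictionary or a
# breached-password list.
COMMON_WORDS = {"password", "admin", "wordpress", "welcome", "letmein", "summer"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def classes_used(pw):
    """Character classes that appear at least once in the password."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]

def keyspace_bits(pw):
    """log2 of the combinations a blind brute-force search must cover."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def years_to_exhaust(pw, guesses_per_second=1e10):
    """Worst-case brute-force time; the guess rate is an assumed figure."""
    return 2 ** keyspace_bits(pw) / guesses_per_second / (365 * 24 * 3600)

def audit(pw, min_length=16):
    """Return the password tips above that this password violates."""
    findings = []
    if len(pw) < min_length:  # min_length is an assumed threshold
        findings.append("too short")
    hits = sorted(w for w in COMMON_WORDS if w in pw.lower())
    if hits:
        # A dictionary attack tries these first, so keyspace_bits overstates
        # the real strength of such a password.
        findings.append("contains dictionary word: " + ", ".join(hits))
    used = classes_used(pw)
    if not {"lowercase", "uppercase"} & set(used):
        findings.append("no letters")
    if "digits" not in used:
        findings.append("no digits")
    if "symbols" not in used:
        findings.append("no symbols")
    return findings
```

The sample password from the first tip passes every check, while something like “Summer2024” fails three of them and would fall to the assumed guess rate in under five years even before a dictionary attack is considered.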
Your WordPress Plugins
One of the biggest benefits that WordPress users have is the ability to add specialized programs to their websites. There are more than 55,000 plugins that are available on WordPress.org, but some of them cause more problems than they solve.
There are plenty of plugins that have monthly subscription/licensing fees, and the most popular plugins have premium versions that our clients have used for years. Unfortunately, there are millions of WordPress users that choose free plugins that are supposed to provide the same benefits as premium plugins; when their website security is compromised, they’ll pay for that choice over and over again!
Hackers want you to download plugins from disreputable sources because they can use the security holes in those programs to hack into your website. With thousands of untested plugins for you to choose from, it’s no surprise that these programs are one of the most common reasons why WordPress sites get hacked.
You don’t want to become the victim of a cyber-attack; here are a few things that you can do to protect your website from hackers:
- Update your plugins on a regular basis; reputable brands will fix security issues that they discover in their programs.
- Don’t download a plugin from a disreputable website, because it could provide a backdoor for hackers to break into your WordPress site.
- Limit the number of plugins that you use, because your website will become more vulnerable when you have a large number of programs that are out of date and unused.
- Read more about my favorite security plugin here.
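As an added example (not from the podcast), the script below sorts a plugin inventory into the actions the tips above call for: update what is out of date, and remove what is unused. It assumes the inventory was exported with WP-CLI's `wp plugin list --format=json`, whose `name`, `status`, `update` and `version` fields it reads; the plugin names are made up and the `max_plugins` limit is a hypothetical threshold.

```python
import json

# Constructed sample in the shape of `wp plugin list --format=json` output;
# plugin names and versions are invented for this example.
SAMPLE = """[
  {"name": "contact-form-x", "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "old-slider",     "status": "inactive", "update": "available", "version": "1.0.3"},
  {"name": "seo-helper",     "status": "active",   "update": "none",      "version": "5.4.1"},
  {"name": "gallery-lite",   "status": "inactive", "update": "none",      "version": "0.9.8"}
]"""

def load_plugins(text):
    """Parse the exported inventory and reject anything that is not a list."""
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON list of plugins")
    return data

def triage(plugins, max_plugins=20):
    """Group plugins by the action their state calls for."""
    report = {"remove_first": [], "remove": [], "update": [], "over_limit": False}
    for p in plugins:
        unused = p.get("status") == "inactive"
        outdated = p.get("update") == "available"
        if unused and outdated:
            # Out of date and unused: the files still sit on the server,
            # so these are the first to uninstall.
            report["remove_first"].append(p["name"])
        elif unused:
            report["remove"].append(p["name"])
        elif outdated:
            report["update"].append(p["name"])
    # max_plugins is an assumed limit; pick one that fits your site.
    report["over_limit"] = len(plugins) > max_plugins
    return report

if __name__ == "__main__":
    for action, names in triage(load_plugins(SAMPLE)).items():
        print(action, names)
```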
Your Website Backups
Like many WordPress users, you may rely on the automatic backups that your hosting service provides. You can use those backups if your WordPress site is hacked, but they won’t protect you from future attacks.
When you back up your website, you save all of the material on your WordPress database to a zip file…including security holes that hackers can creep through. If your website is hacked, you can restore the most recent version of your WordPress site, but the coding problems will still be there.
Your friendly neighborhood hacker can break in through the same door that they used the first time. If they’re intelligent, they’ll wait until you’ve collected more sensitive information (like customer addresses, passwords, and credit card numbers) before they attack; that way, they’ll gain more leverage while you repeat the same mistakes that compromised your security in the first place.
Here are some of the tips that we’ve given to our clients:
- Create a backup strategy that will protect your website from hackers; a reputable agency like Path Media Web Design & SEO will choose plugins that provide website security for small businesses.
- Every time that you add a new plugin, theme, or feature, you should save the current version of your website. If you are hacked after you add a new program to your WordPress site, you can upload a version that does not have the same loopholes.
Your WordPress Site Is Not Secure
When I discuss website security with small businesses, they understand the value of complex passwords and reliable backups…but when I bring up SSL certificates, they sometimes don’t understand what they are or just how important they have become. After all, it’s just a URL; how could something as insignificant as an HTTPS prefix protect your website from hackers?
Well, for one thing, it makes it more difficult for hackers to access your information. Secure Sockets Layer (SSL) technology can encrypt the data on your website to protect credit cards, addresses, and social security numbers from external threats. Your customers will see the padlock and “https://” prefix that is attached to your website address; this symbol will let them know that your website is secure, and they will be more willing to make payments online.
But there is another benefit that you should consider: the most popular search engines, like Google and Yahoo, are doing everything that they can to protect their users. If you do not have an SSL certificate on your website, you may see a red exclamation point next to your URL that indicates that your website is not secure. This can have a negative impact on your search engine rankings, and you don’t want to mess with your SEO strategy. Here are some tips that will enhance your website security:
- You should have an SSL certificate if you (1) sell products or services online, (2) collect sensitive information, or (3) ask for login information on your WordPress site.
- Buy an SSL certificate from a trusted Certificate Authority, like Comodo, VeriSign, or GeoTrust, because it will provide an additional level of website security for small businesses.
I’ve given you plenty of tools that you can use to protect your website from hackers, but at the end of the day, you are only one person; an experienced hacker can and will break into your website if you don’t have the right security measures in place.
About the Show
Created for the non-techie entrepreneur, John Dockins reveals all of his website and online business strategies, income sources and killer marketing tips so that you can be ahead of the pack with your website and online business.
From this self-proclaimed “coffee addict”, you’ll learn how to build authority online using content management systems like WordPress, email marketing, search engine optimization, content marketing, and much more so that you can create something amazing without burning yourself out.
John is a family man who also owns his own web design agency and has won several design awards for his work.