Top Causes of Hacked WordPress Web Sites - WordPress Security Basics

Any piece of software sitting online is a potential target for hackers, and this is especially true for WordPress. In this article we will cover the top causes of hacked WordPress sites. Why WordPress, you might ask? Well, WordPress, being the incredible software that it is, makes up more than 25% of all websites on the Internet, which gives hackers a whole lot of potential targets. The problem is made worse because so many website owners neglect to update their sites when there is a security issue. WordPress isn't inherently less secure than other software, but there are more attempts on it. While this may sound like a downside, it can actually be a plus as well. There are MANY more developers working on WordPress, which means that when there's a security issue, it generally gets patched very quickly.

Below are the top causes of hacked WordPress websites:

  • Software vulnerabilities - The number one way hackers get into your WordPress site is through website files that have not been kept up to date. This is the top cause of hacked WordPress websites. There are three distinct types of WordPress files that need to be kept updated.
    WordPress Core Files:
    The main program that runs the website.
    WordPress Theme Files:
    The theme is what gives your particular website its look. A giant repository of free and freemium Templates is available here.
    WordPress Plugin Files:
    Plugins are essentially installable modules that add additional functionality to your website. A giant repository of free and freemium Plugins is available here.
    WordPress gives you a few places to check whether any updates are available for your website. While logged in to your website, go to DASHBOARD > UPDATES for a complete list of everything that can be updated. Be certain to always make a full backup of your website before making any updates.
  • Brute force attacks – This means guessing your WordPress login details. If you use the default "admin" or "administrator" usernames and weak passwords, you are giving hackers half of the details needed to log in to your site. Never use admin or administrator as a user name. If you already have an account with this name, create a new administrative user account, then delete the original admin / administrator account and assign any articles that were associated with the original account to your newly created account. Always use strong passwords for all of your user accounts, especially for your Administrator account(s).
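
Both checks above can also be run from the command line. The script below is an added example, not part of the original article: it assumes WP-CLI (the `wp` command) is installed on the server, and `WP_PATH`, `audit_site`, `flag_default_admins` and `count_rows` are names made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example: audit one WordPress install for the two causes listed above.
# Assumption: WP-CLI ("wp") is installed. WP_PATH is a hypothetical variable
# holding the site's document root, e.g. WP_PATH=/var/www/html ./audit.sh

# Read login names on stdin (one per line) and print those that are exactly
# "admin" or "administrator", matched case-insensitively.
flag_default_admins() {
  grep -i -E -x 'admin|administrator' || true
}

# Print the number of non-empty lines read from stdin.
count_rows() {
  grep -c . || true
}

# Report pending core/plugin/theme updates and default-named administrators.
# Returns 1 when an administrator account uses a default name.
audit_site() {
  local path="$1" kind pending risky

  echo "== WordPress core =="
  wp --path="$path" core check-update

  for kind in plugin theme; do
    pending=$(wp --path="$path" "$kind" list --update=available --field=name)
    echo "== ${kind}s with updates pending: $(printf '%s\n' "$pending" | count_rows) =="
    printf '%s\n' "$pending"
  done

  echo "== Administrator accounts =="
  risky=$(wp --path="$path" user list --role=administrator --field=user_login \
            | flag_default_admins)
  if [ -n "$risky" ]; then
    echo "Default administrator name in use: $risky"
    return 1
  fi
  echo "No administrator account is named admin or administrator."
}

# Only touch a site when the caller names one.
if [ -n "${WP_PATH:-}" ]; then
  audit_site "$WP_PATH"
fi
```

Run it from cron or a monitoring job and alert on a non-zero exit status or a non-zero pending count.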

Hardening Your WordPress Website

There are additional things that you can do to harden your website security.   Review the article here for some simple .htaccess tricks or here on installing and configuring the Wordfence security Plugin.