Fre­quent Word­Press hack­er attacks are an ongo­ing risk, and hap­pen to thou­sands of web­sites every day. There is hard­ly any­thing as dis­turb­ing for your online busi­ness than to wake up one morn­ing and see your site has become a tar­get of a hack­ing attack. Gath­ered user data is in dan­ger, and rev­enue flow could be inter­rupt­ed. Per­haps the worst part is the uncer­tain­ty of whether the dam­age can be reversed.

Here is the most impor­tant infor­ma­tion you need to know about Word­Press hacks. Keep read­ing to learn about how Word­Press hack­er attacks hap­pen and what you can do to pro­tect your site from hacks.

Why is WordPress so often the target of a hacking attack?

Accord­ing to the Sophos Secu­ri­ty Threat Report from 2012, almost 30.000 web­sites are being hacked every day. Based on Google’s research, the num­ber of hacked web­sites is grow­ing by an addi­tion­al 30% every year.

In 2017, there were between 10- and 30-thou­sand brute force attacks a day, mea­sured by Word­fence. These are only Word­Press web­sites that are mon­i­tored by Word­Fence. The total num­ber of attacked web­sites is much larg­er and the risk is increas­ing. The high num­ber of attacked web­sites is not because Word­Press is lack­ing in secu­ri­ty fea­tures, but because the plat­form has become the world’s num­ber one CMS. Sim­ply put, with­out qual­i­ty pro­tec­tion and secu­ri­ty mon­i­tor­ing your web­site is at risk every day.

The most common methods of WordPress hacker attacks

There are sev­er­al com­mon ways to hack a Word­Press site. The great­est threat comes from:

• Inse­cure host­ing servers
• Out­dat­ed plu­g­ins and themes
• Direct brute force attacks against the admin­is­tra­tor login page

WordPress hack entry points

Accord­ing to WPTemplate.com research, here is how hack entry points for Word­Press are distributed:

• 41% get hacked through vul­ner­a­bil­i­ties in the host­ing platform
• 29% occur due to the inse­cure and/or out­dat­ed themes
• 22% hap­pen through a vul­ner­a­ble, usu­al­ly out­dat­ed plugin
• 8% hap­pen due to weak passwords

How can I keep my WordPress site safe from hacks?

To keep your Word­Press web­site safe you need to min­i­mize hack entry points and main­tain your web­site reg­u­lar­ly.

When it comes to host­ing serv­er-relat­ed issues, you should look for a high-qual­i­ty host­ing ser­vice. Your web­site should be host­ed on secure servers that are close­ly mon­i­tored and have fre­quent backups.

 pur­plenote:The most fre­quent caus­es of Word­Press hack­er attacks are out­dat­ed plu­g­ins and themes.

You can help alle­vi­ate the risk of Word­Press hack­er attacks by choos­ing well-sup­port­ed plu­g­ins and themes that are reg­u­lar­ly updated.

Last­ly, there are brute force attacks. The attack­ing algo­rithm is try­ing hun­dreds and thou­sands of com­bi­na­tions as it attempts to log into Word­Press as an admin­is­tra­tor. You might be sur­prised to hear that most Word­Press instal­la­tions have very weak user­names and pass­words. Some of the most fre­quent­ly used are “admin”, “tes­tad­min”, “user1”, “Author1” and straight­for­ward pass­words such as “1111” or “1234”.

To pro­tect your web­site from brute force attacks, the key is in avoid­ing weak pass­words. All users of the admin area should have strong pass­words and unique user­names. A strong pass­word is a com­bi­na­tion of 10+ let­ters, num­bers, and spe­cial char­ac­ters. One trick that also helps is mov­ing your login page to a non-default URL, as well as adding a dif­fer­ent pre­fix to the data­base files.

WordPress Maintenance

Word­Press main­te­nance is high­ly impor­tant for the con­tin­u­ous func­tion­ing of the web­site. There are many prob­lems that can appear if you fail to main­tain your Word­Press instal­la­tion prop­er­ly. Ground rules you need to take into account regard­ing the plu­g­ins and themes are:

• Do not install plu­g­ins that are not com­pat­i­ble with the lat­est ver­sion of WordPress
• Do not install plu­g­ins that lack support
• Update your plu­g­ins and Word­Press theme frequently
• Only use pre­mi­um Word­Press themes, which have qual­i­ty sup­port and reg­u­lar updates
• Use strong, unique passwords

purpletools maintenance service

Most Word­Press hacks are essen­tial­ly auto­mat­ed attacks, which is actu­al­ly a good thing. They are orches­trat­ed and con­duct­ed simul­ta­ne­ous­ly against tens of thou­sands of web­sites. The best way to fight mali­cious algo­rithms is to auto­mate your defence.

As a busi­ness own­er, you already have a tight sched­ule. Your time is valu­able and it’s impos­si­ble to con­stant­ly mon­i­tor your web­site for pos­si­ble attacks. That’s why we are offer­ing a ser­vice of reg­u­lar main­te­nance, secure back­ups, and pro­tec­tion from web­site hacks. You can choose from 3 dif­fer­ent plans to get the lev­el of main­te­nance and secu­ri­ty ide­al for your web­site. Once the fre­quent back­up sys­tem is in place, we can focus on the reg­u­lar main­te­nance and site-wide pro­tec­tion, and ensure the well-being of your website.

Find out more about our pur­pletools main­te­nance ser­vice.