Types and causes of WordPress website hacks

Learn the types of security problems you could have with your WordPress website.  


"Malware" covers ALL types of harmful software, including viruses, ransomware and trojans.  You've probably seen it; if you've ever had a popup in your browser warning you that "you have X number of viruses and you should download software Y now" to remove them ... you've had a close look at malware.


Malware can do all sorts of nefarious things like recording what you type, sending your confidential information to the hacker's site or just doing mindless damage like deleting files or locking your computer until you pay a ransom.


Phishing attacks frequently happen via an email enticing you to log into a website you're familiar with, such as a bank, PayPal or other site that might store sensitive information about you.  Clicking a link in the email takes you to a website that looks authentic but is actually a copy made by the hackers to fool you.

Unknown to you, you are actually logging into a "fake" site and handing your credentials over to the bad guys.

SQL Injections

SQL is yet another computer language.  Your WordPress website uses SQL (Structured Query Language) to communicate with its database.  In a nutshell, an SQL injection could replace an SQL query (a request to the database) with other code that causes the database to do something the hacker wants, like dumping a list of all customer data to a file and sending it to them.  WordPress plugins and themes are regularly found to have code that's vulnerable to these types of attacks.

An SQL injection attack is one of the oldest, most widespread and most dangerous of hack attacks.
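
To make the idea concrete, here is an added example (not code from this article or from WordPress) that puts a query built by pasting visitor input into the SQL text next to the same query using a bound parameter.  It assumes Python's built-in SQLite and a constructed customers table; in WordPress plugin code the equivalent fix is `$wpdb->prepare()`.

```python
import sqlite3

# Constructed input: the stray quote ends the string early and adds a condition.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    """In-memory database holding constructed sample customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (owner TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return db

def lookup_vulnerable(db, owner):
    # Vulnerable: input is pasted into the SQL text, so quote characters
    # in it are read by the database as part of the query itself.
    query = "SELECT email FROM customers WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_safe(db, owner):
    # Hardened: the ? placeholder binds the input as a value only; it can
    # never change the structure of the query.
    query = "SELECT email FROM customers WHERE owner = ?"
    return sorted(row[0] for row in db.execute(query, (owner,)))

def compare(db, owner):
    """Run both lookups and report how many rows each one exposes."""
    return {"vulnerable": len(lookup_vulnerable(db, owner)),
            "safe": len(lookup_safe(db, owner))}

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", CRAFTED):
        print(repr(value), compare(db, value))
```

With an ordinary name both lookups return one row; with the crafted value the pasted-together query returns every customer while the parameterised one returns none.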


Did You Know?

A website maintenance plan not only protects you from these types of attacks; it can also save you up to 10 hours of frustration and uncertainty each month.

Compromised Passwords

With so many online accounts nowadays, people regularly reuse the same password on multiple websites.  If a hacker can discover just one password you use, they potentially can get access to any other site you use that same password for.

Missing software updates

The WordPress team are extremely diligent about patching and improving their software.  WordPress users are, unfortunately, not as diligent about installing those updates.

Once a security problem is discovered (both the good guys and the bad guys are researching these constantly) your site is vulnerable until you apply the latest updates.  This is the most common method of automated attack on WordPress websites.


Insecure themes and plugins

Because people all over the world contribute code to WordPress in the form of themes and plugins, it's easy for some of these to be insecure.

Again, the best protection here is to keep your themes and plugins up to date.

Just three WordPress plugins are responsible for most plugin hacking problems; are you using one of them? Check here.

Poor Security policies

If multiple people have access to your website, don't just give them all "Administrator" access to "make things easier."  Give users only the access level they need and avoid accidental (or otherwise) damage from misuse of their account.

Social Engineering

Once at college a friend bet me that I couldn't discover her mainframe password.  Knowing what I knew about her course, her assignments and her activity, within 24 hours I was able to convince a friendly computer department secretary to change the password so I could log in. 

Famed hacker Kevin Mitnick has always agreed: people are often much less secure than computers.


Distributed Denial of Service, or DDoS, attacks are widespread, easy to launch and can bring down a website without much risk to the attacker.  Multiple computers are used to make an online service (such as a website) so busy that the server can't handle the traffic and crashes.

WPStrands: we're trying to help

End-user education would go a long way toward preventing all of the above problems.  

To start your education, try our services FREE for 30 days and see how we take care of your site.
