Types and causes of WordPRess website hacks
Learn the types of security problems you could have with your WordPress website.
"Malware" covers ALL types of harmful software, including viruses, ransomware and trojans. You've probably seen it; if you've ever had a popup in your browser warning you that you have X number of viruses and you should download software Y now" to remove them ... you've had a close look at malware.
Malware can do all sorts of nefarious things like recording what you type, sending your confidential information to the hacker's site or just doing mindless damage like deleting files or locking your computer until you pay a ransom.
Phishing attacks frequently happen via an email enticing you to log into a website you're familiar with such as a bank, PayPal or other site that might store sensitive information about you. Clicking a link in the email takes you to a website that looks authentic but is actually a copy made by the hackers to fool you.
Unknown to you you are actually logging into a "fake" site and handing your credentials over to the bad guys.
SQL is yet another computer language. Your WordPress website uses SQL (Structured Query Language) to communicate with its database. In a nutshell an SQL injection could replace an SQL query (a request to the database) with other code that causes the database to do something the hacker wants, like dumping a list of all customer data to a file and sending it to them. WordPress plugins and themes are regularly found to have code that's vulnerable to these types of attacks.
An SQL injection attack is one of the oldest, most widespread and most dangerous of hack attacks.
Did You Know?
A website maintenance plan not only protects you from these types of attacks. It can also save you up to 10 hours of frustration and uncertainty each month.
With so many online accounts nowadays, people regularly reuse the same password on multiple websites. If a hacker can discover just one password you use, they potentially can get access to any other site you use that same password for.
Missing software updates
The WordPress team are extremely diligent about patching and improving their software. WordPress users are, unfortunately not as diligent about installing those updates.
Once a security problem is discovered (both the good guys and the bad guys are researching these constantly) your site is vulnerable until you apply the latest updates. This is the most common method of automated attack on WordPress websites.
Insecure themes and plugins
Because people all over the world contribute code to WordPress in the form of themes and plugins, it's easy for some of these to be insecure.
Again the best protection here is to keep your themes and plugins up to date.
Poor Security policies
If multiple people have access to your website don't just give them all "Administrator" access to "make things easier." Give users only the access level they need and avoid accidental (or otherwise) damage from misuse of their account.
Once at college a friend bet me that I couldn't discover her mainframe password. Knowing what I knew about her course, her assignments and her activity, within 24 hours I was able to convince a friendly computer department secretary to change the password so I could log in.
People are often less secure than computers.
Distributed Denial Of Service, or DDOS, attacks are widespread, easy to launch and can bring down a website without much risk to the attacker. Multiple computers are used to make an online service (such as a website) so busy that the server can't handle the traffic and crashes.
WPStrands: we're trying to help
End-user education would go a long way toward preventing all of the above problems.
To start your education take a look at our FREE E-mail course on protecting your WordPress website.
Our ultimate website maintenance guide was written for you.
Learn how to look after your website like the professionals by