WordPress Security and WordPress Hacking Explained


WordPress security has been in the news more and more over the last few months, as we hear more stories of WordPress sites being hacked.  Because of the massive popularity of WordPress, it has become a favorite target of hackers. In this article, I’ll walk you through the basics of WordPress security – explaining what’s going on and what you need to know to keep your WordPress website secure and backed up.

Note: This article is written for site owners and administrators, not developers.  It’s not going to get into the technical details and tweaks that programmers use to secure WordPress.  This is a practical introduction to WordPress security issues for a typical website owner or administrator.

What Happens When A Site Gets Hacked

When a WordPress site gets hacked, the site is altered by the hacker (or more often by the automated software which the hacker wrote).  The result is usually one of the following:

  • Your site may display ads for Viagra, Cialis, or other products/services
  • Your site may attempt to infect visitor computers with viruses (usually under the guise of fake antivirus software)
  • Google or others may label your site as unsafe, blocking users from visiting your site
  • Your site’s data may be corrupted, causing you to lose text, images, or other content
  • Your site may lose position on search engine results pages
  • Your site may infect other sites on a shared host
  • Your site may go offline

How do Sites Get Hacked?

Sometimes sites are hacked because of a weak password (something too easy to guess).  More often though, hackers use a known vulnerability to hack the site.  They might know of a bug in your particular version of WordPress or a plugin which allows them to send code directly into the database or webserver.  They might get into someone else’s website on the same server as yours and use that to access your site.

How to Prevent Your WordPress Site From Being Hacked

  • Keep WordPress, plugins, and themes up to date
  • Keep your administrator user passwords long and secure
  • Use a web host who takes security seriously
  • Make sure your web developer takes security seriously
  • Install good backup software into WordPress

WordPress security updates are released quickly whenever a vulnerability is found.  Plugin and theme producers vary in how serious and careful they are about security.  The #1 way to keep your site secure is to keep it up to date – this eliminates a huge percentage of the risk.  Beyond that, be sure you are backed up, keep long passwords, and use a secure web host.

Update Your WordPress Install – NO, Don’t Update!

The problem with updating WordPress, plugins, and themes is that it should only be done by a developer.  If you upgrade your own site without professional help, you could break it, and you may not have a backup.  It’s critical to use your developer to do the update, and they should be creating a test copy and verifying the backup before upgrading.

Because of this, many sites just don’t get updated. The site administrator is correctly scared to do it themselves, and the developer isn’t paying attention to older sites.
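For a developer or host looking after many installs, a read-only version inventory shows which older sites have fallen behind without touching them. The script below is an added example, not code from this article or from Computer Courage; it relies on WordPress core recording its version as `$wp_version` in `wp-includes/version.php`. The function names, the one-site-per-directory layout, the sample sites and the `minimum` baseline are all assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress core stores its version in wp-includes/version.php as: $wp_version = 'x.y.z';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return the $wp_version string from version.php contents, or None."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None

def version_key(version):
    """Turn '3.5' or '6.5-RC1' into a comparable 3-part tuple of numbers."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(hosting_root, minimum):
    """Scan each site directory under hosting_root; return {site: (version, status)}."""
    report = {}
    for site in sorted(Path(hosting_root).iterdir()):
        vfile = site / "wp-includes" / "version.php"
        if not vfile.is_file():
            continue  # not a WordPress install
        version = parse_version(vfile.read_text(errors="replace"))
        if version is None:
            status = "UNKNOWN"  # version line missing or altered: inspect by hand
        elif version_key(version) < version_key(minimum):
            status = "OUTDATED"
        else:
            status = "OK"
        report[site.name] = (version, status)
    return report

def demo():
    """Build three constructed installs in a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"shop": "$wp_version = '3.4.2';", "blog": "$wp_version = '3.5.1';",
                   "old": "// version line missing"}  # constructed sample data
        for name, line in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text("<?php\n" + line + "\n")
        Path(root, "static-site").mkdir()  # non-WordPress directory, skipped
        return audit(root, minimum="3.5.1")  # baseline is a constructed value

if __name__ == "__main__":
    for site, (version, status) in demo().items():
        print(f"{site:12} {version or '-':10} {status}")
```

An `UNKNOWN` result deserves a manual look, since a core file that no longer contains its version line has been modified.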

The Managed WordPress Hosting Solution

The newest answer to this problem is Managed WordPress Hosting and Support.  In this model, the web host or developer is responsible for keeping the website up to date, secure, backed up, speedy, and generally managed.  A good managed hosting solution will have all security updates installed within days of their release, and will have excellent backup.  A managed WordPress host also usually uses a 3rd party security service like Sucuri and external backup like Amazon S3.

Computer Courage is proud to offer Managed WordPress Hosting and Support.  We now offer a fully managed solution which fixes all of these problems.  We’ll keep the site up to date as soon as new versions or security releases come out.  We use 3rd party security scanning to look for malicious code.  We use external backup to Amazon S3.  Because all the sites on the server are up to date, you don’t have to worry about being hacked from someone else’s insecure site.  On top of that, our hosting is blazing fast.

What Version Am I On Now?

To check which version you are on now, please log into your WordPress Dashboard and check the bottom of the “Right Now” panel.  See the image below:


You can learn more about Computer Courage Managed WordPress Hosting & Support, or contact us today to sign up.  If you have other thoughts about WordPress security or hosting, feel free to leave ideas in the comments.