My WordPress Hacked but WHY? If you are on your way to reading this article, you either have had WordPress hacked before or want to make sure you avoid the things that cause it to be hacked. Before we get into the nuts and bolts of this topic, it is important to understand that there is no software in the world 100% secure unless it is not online. With that said WordPress at it’s core is very safe and secure. What happens to make it less safe is the way it is used and setup. Mainly user error or overlooking simple security measures will create holes for hackers to get in and make a mess of things on your WordPress site. Below are a few of the main reasons why your WordPress site can get hacked. Actually the most common reasons we see.
WordPress Updates Not Performed
Performing updates on your site is so critical to maintaining a well running WordPress site. These updates include the core WordPress files, plugins and active theme. Is it always best to remove any plugins and themes you are not using avoid malicious code being injected into them. This will also free up space on your server. Do not get scared to update as in most cases, the updates provide enhanced security measure to protect your site. Have a good backup strategy as well in case things go haywire after an update.
This goes back to what was said earlier in this post about user errors creating security issues on your WordPress site. Hacked are smart and the programs they create are even smarter. A very basic and simple way to protect your WordPress site is to make sure you use strong passwords on every login that relates to your site. So not only the admin area that you log into but also your hosting account, FTP account and database. For some great resources on creating strong passwords, check out the link at https://www.wpfixit.com/create-super-strong-passwords/
Old Server Software
This one is often overlooked and can be the root cause of most infections we find. There are certain server requirements that WordPress needs to run smoothly and securely. The 2 major things must have is a modern version of PHP and SQL. These are the 2 software platforms that are the life and blood of your site running. We often see a customer using a server that is running a PHP version over 10+ years old. You can see the full list of hosting requirements at https://wordpress.org/about/requirements/
These are some of the most common reasons that cause people to come to us and clean out their infected site. Take a moment to audit your own site for all of these and just doing that will limit your chances of infections greatly. Let us know if you have any questions at all and check out the video below for even more simple security tips.
See our owner as part of Security Panel: Risk Factors and Best Practices