Why was my WordPress website hacked?

Webpages are typically made up of static HTML markup code and CSS that can be laid out by a web designer familiar with code using a simple text editor. In the early days of the web, this is how web pages were made. WordPress goes much further than this and is a modern and wildly popular Content Management System (CMS) estimated to run over 35% of the World’s websites. A Content Management System uses executable code and a database to allow users to create content, store, edit and publish from a feature rich interface without having to resort to coding.

Like all software, WordPress is vulnerable to security breeches. But the popularity of WordPress means that there is no shortage of bad guys trying to hack your site. It’s not (usually) personal. The bad guys use software to automatically search the web looking for insecure websites where they can install fake password phising forms, links to pornogrophy or sex pills, or just to use your web space to send spam emails. If your website is insecure, you’re just low hanging fruit for the bad guys.

WordPress vulnerabilities are regularly published on https://wpvulndb.com/ for the good guys to understand, but also are available for bad guys to exploit. Luckily WordPress and WordPress theme and plugin developers releases regular updates to their code to ensure the core software remains secure as possible and this code is usually released before the vulnerabilities are made public. You can probably see from this, it is advisable to update the software at your earliest convenience.

Reasons your WordPress Website Gets Hacked:

Insecure or out of date plugins, themes or WordPress core

Insecure passwords

If you are using an easy to guess password (a dictionary world, your mother's maiden name, your dog's name etc.) we recommend you change this as soon as possible. The article below describes how to do this. WordPress will suggest a secure password or you can enter your own, in which case WordPress will let you know if your password is secure.

We recommend accepting the unique password provided by WordPress and using a password manager such as Keeper to manage your secure passwords.
  • How to: Change your WordPress Password from the Dashboard
  • Article published 02nd November 2023
    Last modified 02nd November 2023