WordPress has been hacked, how come my WordPress website has been hacked?

Date written: 31 Aug 2023

You have a website that suddenly displays advertisements or forwards visitors to another website. Or worse, your website sends spam (e-mails with unwanted advertising).

You haven’t changed anything on your website and yet your website was “suddenly” hacked.

Then the question arises: how come my WordPress website has suddenly been hacked?

  1. Would it be the programmer’s fault?
  2. Have I done something wrong in the website?
  3. Has someone deliberately hacked my website? The competition perhaps?

You have a lot of questions, but for 99.9% of websites the answer is very simple:

A virus or script has modified your website. It works completely automatically and affects thousands of other websites as well.

Is it really that easy? Is there nothing you can do about it? Who is behind those hacks?
Read on if you want those questions answered! (Brace yourself because it gets technical.)

The cause of most hacks: via outdated plugins and themes

Plugins and themes are responsible for 45% of hacked websites.
Hackers download the plugins and themes and test them for security vulnerabilities.
At wpvulndb.com you can see which plugins and themes have known leaks.

A leak, what does that mean… it’s not a swimming pool!
A leak is a collective name for any possibility of giving commands to the server (hacking).
This can be done via input fields that are not properly secured, via files with wrong permissions, via incorrectly saved data and more.
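An added example, not from the original article: a small audit for two of the causes named above, outdated plugins and files with wrong permissions. It reads each installed plugin's version from its header, so the list can be compared against a vulnerability database, and reports world-writable files. The sample site tree, the plugin name `example-gallery` and the function names are constructed for illustration.

```python
import glob, os, re, stat, tempfile

# WordPress reads plugin metadata from a comment header in the plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def plugin_inventory(wp_root):
    """Return {plugin_folder: (name, version)} for plugins in wp-content/plugins/*/."""
    found = {}
    pattern = os.path.join(wp_root, "wp-content", "plugins", "*", "*.php")
    for php in sorted(glob.glob(pattern)):
        slug = os.path.basename(os.path.dirname(php))
        if slug in found:
            continue
        with open(php, encoding="utf-8", errors="replace") as fh:
            head = fh.read(8192)  # the header sits at the top of the file
        fields = {k.lower(): v for k, v in HEADER_RE.findall(head)}
        if "plugin name" in fields:
            found[slug] = (fields["plugin name"], fields.get("version", "unknown"))
    return found

def world_writable(wp_root):
    """Return relative paths that any local account on the server may modify."""
    hits = []
    for base, dirs, files in os.walk(wp_root):
        for name in dirs + files:
            full = os.path.join(base, name)
            if not os.path.islink(full) and os.lstat(full).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, wp_root))
    return sorted(hits)

def build_sample_site():
    """Constructed sample tree (not a real site) so the audit runs offline."""
    root = tempfile.mkdtemp()
    plug = os.path.join(root, "wp-content", "plugins", "example-gallery")
    os.makedirs(plug)
    with open(os.path.join(plug, "example-gallery.php"), "w") as fh:
        fh.write("<?php\n/*\n * Plugin Name: Example Gallery\n * Version: 1.2.3\n */\n")
    cfg = os.path.join(root, "wp-config.php")
    with open(cfg, "w") as fh:
        fh.write("<?php // constructed placeholder\n")
    for base, dirs, files in os.walk(root):  # fixed modes, independent of umask
        for name in dirs + files:
            os.chmod(os.path.join(base, name), 0o755 if name in dirs else 0o644)
    os.chmod(cfg, 0o666)  # the wrong permission the audit should flag
    return root

if __name__ == "__main__":
    site = build_sample_site()
    print("plugins:", plugin_inventory(site))
    print("world-writable:", world_writable(site))
```

On a real site, pass the WordPress root directory to both functions instead of the sample tree; plugins that consist of a single file directly in `wp-content/plugins` are not covered by this sketch.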

Okay, now that you know that plugins and themes are 45% of the causes of a hacked WordPress website, you think: simply use few plugins and it’s solved!

But unfortunately, there are more security risks with a WordPress website. And that starts with the programmer who creates your website.

The security risks of your website in percentages:

[Image: the pyramid of WordPress security]

As you can see, there are several factors that can make your WordPress website hackable.
The programmer, the web host, you as a user, the CMS itself and, as mentioned earlier, the themes and plugins.

Who goes to all that trouble to find and exploit security risks?

Hackers, cybercriminals, thieves.

And very occasionally ordinary citizens who live in countries where not enough money can be earned with a regular job. IT professionals who have been laid off but still have to support their families.
This can sometimes even involve intelligent ICT people with 20-30 years of experience. Or even entire IT departments…

Many hacks and attacks come from poor countries, since you only need internet and an old computer to write a virus/hack.

How does a hacker earn money from my website?

If you have a website that is about your family or about your hobby, you can’t imagine that a hacker can make money from your website.

Yet they can!

Link building
By placing links in your website, a hacker can raise his own website's ranking in Google considerably.

Selling products through a wide range
The hacker uses your good name/website and that of thousands of others to sell his product.
Imagine you have a website with beauty products, and it contains a link to a product that prevents aging or other problems.
There are still a surprising number of people who buy such a product.

The product often costs 100-200 euros, has to be paid via the internet and the money ends up in an anonymous account. The product is never delivered, and that gives the hacker a lot of money without incurring major costs.

And so there are many ways to make money when a website is in the power of a hacker.

WordPress seems very insecure, should I switch to another CMS?

It’s not WordPress that’s insecure, it’s the plugins, themes, and the aforementioned external factors that give hackers the ability to hack into your website.

WordPress is well maintained and secured, you just need to know how to handle it.

I’m just starting a new website, should I choose another CMS?

Every CMS has to deal with hacks.

The programmers of WordPress (Automattic) work daily to keep the CMS as secure as possible. New updates are regularly released to keep the system safe.

40-60% of all websites in the world run on WordPress, and for good reason.

Why WordPress is a good basis for company websites, webshops and blogs

  1. WordPress is open source and can be downloaded for free at WordPress.org.
  2. You can expand your website with more than 55,000 plugins.
  3. For questions you can contact many WordPress programmers, designers and forums.
  4. WordPress is continuously being developed.
    (Think of the REST API, Gutenberg editor, Privacy options, SSL support)

What can I do to secure WordPress?

Install and configure a security plugin:
First of all, it is important that you install a good security plugin. A security plugin works like antivirus and a firewall for your website.

It is important to set up the security properly.
The security plugin needs to be tuned to best protect your website against hackers and hack scripts, but your WordPress website and plugins must have permissions to function.

Using plugins:
Limit the number of plugins, as each plugin contains code that can be used by hackers to get into your website.

The hosting:
How do you know if a hosting party is good?
Make sure they offer one of the most recent PHP versions.
Do not go for a budget package of 1 euro per month, but pay a little more to a hoster who also provides support by e-mail or preferably even by telephone.
Choose a hosting party that has been around for a number of years and that has many customers.
This way you have a reasonable chance of finding a good hoster, where your website is on a secure server under the supervision of specialists.
Note: They are responsible for the server functioning and staying online; they are not responsible for what you or a hacker does with your website. They therefore cannot fully protect your website against hackers; that is simply not their job.

What does it cost if I have my WordPress secured?

We offer a monthly maintenance subscription where we secure WordPress and keep it up-to-date. We also check the website for break-in attempts and we actively prevent hackers.

You can easily request that subscription, click here for the current rate.

Yes, but my WordPress has already been hacked!

We can remove the hacks and ensure that the hackers no longer have a grip on your website.
We do not charge the costs for this all at once, but through an affordable subscription.

After removing the hacks, backdoors and blocking the hackers, we keep your website up-to-date and keep an eye on it.
This way you can be sure that you are rid of those miserable hacks and hackers, and that they will not come back!

Have your WordPress website made hack-free and secured by us now.

10+ years of WordPress experience

We have been working with WordPress since 2007. We have developed hundreds of websites, all with WordPress. We have been doing the management and maintenance for our customers for years.
With us you can assume that your WordPress website, large and small, is in good hands.

But… everyone calls themselves a WordPress specialist, even people who can only read the manual of a theme or plugin…

And that is why we recommend that you contact us before you let someone work on your website.
Ask some questions, test the knowledge of the programmers, server administrators, designers.

And feel free to contact us, so that you can be sure that professionals are working on your website.

Click here for our contact options.

Most articles are written by Mathieu Scholtes, the owner of WPBeveiligen. Want to stay up to date on the latest WordPress news, WordPress tips and WordPress offers?
Then connect on LinkedIn!