Monday, April 1, 2013

Why Your WordPress Site Got Hacked


Getting your site hacked sucks. I’m sure you’re not reading this for fun; my guess is that it may have happened to you. If so, we are sorry, but I am sure you will attest to why it got hacked.
There are always some common traits we see when we are called to fix a hacked WordPress site.
Almost always two or more of these things were in play when someone got a hold of your site. If you are lucky enough to be reading this article before your site gets infected, please do something and remedy these mistakes.
First off, we are always asked — Why would someone want to pick on my site? I don’t get much traffic and all I do is blog about rainbows and cats.
Very rarely is someone a personal target for hacking (especially on this scale). The bad people of the Internet do not care who you are or what your site is about; they just want to infect it. It’s OK to be mad, but it’s not personal.

Common traits of a hacked WordPress site

  • Old version of WordPress installed: WordPress updates are for security just as much as, if not more than, they are for new features. Back up and then update.
  • Infected theme: Hey I got this cool free theme from sketchysketchysite.com! Guess what? It’s full of infections.
  • Out of date plugins: Like WordPress installs, plugins need to be updated for security reasons. Ignore plugin updates at your own peril.
  • Too many admins: Not every user needs admin privileges. Have one or two admin users and assign everyone else their proper role.
  • Poor Hosting: A web host that charges you $3.95 / month will deliver $3.95 in value. Do not be surprised when they are not keeping things up to date and have mass problems. A lot of hacked sites we see are hosted on Blue Host or Go Daddy. I don’t know why, but then again maybe I do.
  • Lame Username / Password Combinations: I hate that I always have to say this — do not use ‘Admin’ as your username and never use ‘Password’ for your password. As often as I do say this, people still contact us to fix their site and give us these credentials to log in.
Want to see how easy it is to hack a site? Watch Dre Armeda of Sucuri hack a site live from Phoenix WordCamp 2013.
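Several of the traits in the list above can be checked mechanically. The following is an added example, not code from the original post: it flags too many admins, the 'admin' username and out-of-date plugins from JSON in the shape produced by WP-CLI's `wp user list --format=json` and `wp plugin list --format=json`. The sample data is constructed, and the `audit` function and finding labels are hypothetical names.

```python
import json

# Constructed sample data in the shape of `wp user list --format=json`
# and `wp plugin list --format=json` (not taken from a real site).
USERS_JSON = '''[
 {"ID": 1, "user_login": "admin", "roles": "administrator"},
 {"ID": 2, "user_login": "jane", "roles": "administrator"},
 {"ID": 3, "user_login": "sam", "roles": "administrator"},
 {"ID": 4, "user_login": "guest-writer", "roles": "author"}
]'''
PLUGINS_JSON = '''[
 {"name": "contact-form", "status": "active", "update": "available", "version": "1.2"},
 {"name": "gallery", "status": "inactive", "update": "available", "version": "0.9"},
 {"name": "seo-tools", "status": "active", "update": "none", "version": "3.1"}
]'''

MAX_ADMINS = 2  # the article's advice: "one or two admin users"


def audit(users_json, plugins_json, max_admins=MAX_ADMINS):
    """Return (trait, detail) findings for traits from the article's list."""
    findings = []
    users = json.loads(users_json)
    plugins = json.loads(plugins_json)

    # "roles" is a comma-separated string when a user holds several roles.
    admins = [u["user_login"] for u in users
              if "administrator" in [r.strip() for r in u["roles"].split(",")]]
    if len(admins) > max_admins:
        findings.append(("too-many-admins", ", ".join(sorted(admins))))

    # The article's warning about 'Admin' as a username, matched case-insensitively.
    for u in users:
        if u["user_login"].lower() == "admin":
            findings.append(("default-username", u["user_login"]))

    # Inactive plugins are reported too: their files are still on the server.
    for p in plugins:
        if p["update"] == "available":
            detail = f'{p["name"]} {p["version"]} ({p["status"]})'
            findings.append(("outdated-plugin", detail))
    return findings


if __name__ == "__main__":
    for trait, detail in audit(USERS_JSON, PLUGINS_JSON):
        print(f"{trait}: {detail}")
```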

1 comment:

  1. Hey,
    Thanks for sharing this blog; it's very helpful to implement in our work.




    Regards
