5 Ways Your WordPress Site Could Be Hacked (And How To Avoid That Fate)

30,000 new sites are hacked daily. Don’t let it happen to you.

WordPress: A Hacker’s Target

The increasing number of sites using WordPress has made the platform a target for hackers.

It doesn’t matter how small or large the site is. If you don’t take steps to secure your site, it could be hacked.

With some regular maintenance and security upgrades, it’s possible to protect yourself against this frustrating fate. Remember, a strong defense is your best option against your site being taken over by someone else.

Outdated WordPress Version

Updating to the latest version of WordPress is just too much work. At least, that’s a common excuse for why site owners stick with an outdated version. One of the main purposes of these version updates is to fix security flaws. As soon as hackers find a flaw, they exploit it.

This means hackers are on the lookout for sites running outdated versions. All you have to do is keep WordPress updated with the latest version. If you can’t because your theme or plugins aren’t compatible, adding a stronger firewall and antivirus software is a good start. Having your theme and plugins tweaked to be compatible is your best option. Hiring a website maintenance company is ideal if you’re still iffy about updating WordPress on your own.

Unsecure Themes And Plugins

Updating WordPress isn’t going to save you completely. A theme or plugin can leave your site just as vulnerable. An unsecure plugin could give a hacker unlimited access to your entire database. They could then leave behind files to send your visitors to other sites or download malicious files to their computers.

Check your themes and plugins for updates regularly. Ensure you’ve optimized any settings to be as secure as possible. Also, it’s a good idea to clean your site and purge any plugins or themes you no longer use. The fewer entry points you have, the better.

Simple Username And Password

It’s so much easier to remember the default admin username and a simple password such as Pass123. Hackers actually count on it too. A simple password only takes a few hours (sometimes minutes or even seconds) to crack. If you make it easy for hackers to simply login to your site, they don’t even have to work hard to get in. The best security software isn’t going to protect you if you’re leaving your front door open.

Creating a different admin user is your best option. Use a username that isn’t obvious, such as User, Guest or Admin. Make your password as complex as possible by using a combination of upper and lower case letters, numbers and symbols. A good password might be [email protected]!te, but a better password would be M(P4%%”l)*5hN. Using a password manager will help you remember those complex, but more secure passwords.

Access To WP-Login

Brute force attacks don’t care about discretion. They just keep attacking the login page until they get in. One common entry point for these attacks is using the wp-login page. It’s obvious and most users don’t block access to it.

With a little coding change, you can change which IP addresses have access or even add an extra level of security with an additional login. You could also block any IPs which try to force their way in. If you’re not comfortable messing with the code yourself, a web support company can do it for you.

A final solution is to limit login attempts. After a set number, such as three, further attempts are blocked. This prevents hackers from trying repeatedly. Too many failed attempts and they’re out.

Open Access To Files

Leaving your files with open permissions is like inviting in trouble. Changing file permissions to limit access to items in your wp-content and wp-admin folders helps prevent unauthorized access. Users only need access to a few file types, such as images, CSS, XML and Javascript. They definitely don’t need to get into your wp-admin files.

Changing the code in your .htaccess file in each folder helps secure file access. The harder you make it for hackers, the better off you are.


These are all some of the more common entry points for hackers, but it’s not all. Start with securing the most obvious security holes in your site and keep regular backups in case the worst happens. Consider using a website maintenance company to help with security and you’ll sleep much better at night.

Don’t want to be one of the 30,000 sites hacked daily? Contact FatLab and get the support you need.