WordPress is one of the most popular content management systems available for websites, for many reasons. It is open-source software and is free to use for any personal or business purpose. It runs on cheap Linux-based servers and is quick and easy to install. It has a plugin for almost anything you could imagine.
However, hackers know almost every site on the internet is a WordPress site, so it is a prime target in the same way Windows is targeted over Linux and Mac OS. Also, with 152,000 videos on YouTube on ‘how to hack WordPress’, it’s easy for any script kiddie to figure out how to hack it. WordPress has many different entry points for hackers.
WordPress uses a database to store data for the website content, plugins, and themes, and SQL injection can be used to gain access and take control of a WordPress site. Anyone can write a plugin and publish it to the WordPress plugin directory, and any WordPress admin can download and use it without even realizing it’s a hacked plugin. According to Wordfence, almost 60% of hacks are through WordPress plugins.
I used to use WordPress for most of my clients, but when they started getting hacked I had to wipe them and move them to new servers. It was a headache for my clients as well as my business. However, I believe I have come up with a solution to solve the problem. I ditched WordPress and started going back to my roots, building static, hand-crafted, custom-built sites. I went back to building sites the way they are supposed to be built: not by a cookie-cutting robot but by hand. And now most of the sites I build are clean and hack free. They don’t connect to a database and are quick and responsive. I have yet to have any static site I have built ever hacked. But that deserves a post of its own. Maybe next time.