
How Hackers Get Into WordPress

...And How To Keep Them Out!

Many WordPress blog or website owners worry about people getting into their sites. And for good reason. Hackers are trying to get into your WordPress site and they are using very sophisticated tools to accomplish their task.

I wrote this post to let you know how hackers get into WordPress. By knowing some of the ways hackers normally go about getting into WordPress sites, you can easily safeguard against these attacks. Knowing how hackers get into WordPress is the first step in a good defense. And, fortunately for all of us, computer hacking is nothing like you see in the movies.

Exploring How Hackers Get Into WordPress

Hackers don't plug in a fancy computer and run a bunch of numbers that somehow, in some apparently magical way, figure out your password. Usually the way hackers get into your website, into your WordPress blog, is through some pretty basic and common everyday means. Often they discover you are using an outdated version of WordPress and exploit known security holes. Or they find outdated plugins, also with known vulnerabilities, commonly shared between hackers. Or you make it easy for them by using simple, easy-to-guess usernames and passwords.

And you're not alone in this. Did you know that Al Gore's blog has been hacked? CNN's blogs have been hacked, too. And these all happened because they used older versions of WordPress. As soon as the word gets out about high-profile blogs being hacked, or even just regular people's blogs and websites, the creators of WordPress work hard and release a new version of WordPress with fixes that prevent these kinds of known attacks.

That's why it is always a very good idea to keep your WordPress, plugin, and theme versions up to date. The latest versions will help prevent hackers from using older, known vulnerabilities. I recently cleaned up an ugly mess for a client using a well-known and popular theme on his website. He had an older version. A serious vulnerability had been discovered more than a year earlier but he didn't know about this. Hackers found, and penetrated, his site and did their damage.

Even though he didn't know about the vulnerability, if he had only kept his theme up to date he would have been safe and prevented the grief, and days of work, getting his site cleaned up and back online. He could have prevented this serious, and costly, problem by just going to his site Dashboard, checking for updates, and updating regularly as needed. The story of how hackers get into WordPress can be all too real, but so can the solution.

Besides updates, there are other things that should be done, of course. There are security procedures and methods, even security plugins you can install. I'll cover those in more detail in another post. If your blog or website is important, if it is part of your online business and needed in support of your ongoing income, then you want it to be secure and you need it to be protected.

Lastly, even with the most up-to-date WordPress and most up-to-date plugins, many hackers ultimately gain access to your site by simply guessing your password. First, by simply trying to log in using the username admin and password admin, or username admin and password password. That's right. You might be surprised at how many people use those exact combinations, or something equally simple. Of course, you don't. You have a stronger login/password combination using a password containing letters and numbers that no one will ever guess.
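An added example, not part of the original post: one way a site owner can spot password guessing in a web server access log. It assumes the common "combined" log format and default WordPress behavior, where a failed login POST to /wp-login.php answers 200 and a successful one answers 302; the function name, threshold, and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def _line(ip, ts, method, path, status):
    # Helper that builds one constructed sample log line.
    return (f'{ip} - - [10/Mar/2024:04:{ts} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample data (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"12:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(6)]
    + [_line("203.0.113.7", "12:09", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "15:00", "GET", "/wp-login.php", 200),
       _line("198.51.100.20", "15:05", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "15:20", "POST", "/wp-login.php", 302),
       _line("192.0.2.44", "20:00", "GET", "/", 200)]
)

def find_login_guessing(log_text, threshold=5):
    """Return {ip: {"failed": n, "login_after_guessing": bool}} for every
    address with at least `threshold` failed login POSTs."""
    failed = defaultdict(int)
    report = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not in the expected format, skip it
        ip, method, path, status = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue  # only login submissions matter here
        if status == "200":  # login form shown again: the attempt failed
            failed[ip] += 1
            if failed[ip] >= threshold:
                entry = report.setdefault(ip, {"login_after_guessing": False})
                entry["failed"] = failed[ip]
        elif status == "302" and ip in report:
            # A redirect after many failures means a guess probably worked.
            report[ip]["login_after_guessing"] = True
    return report

if __name__ == "__main__":
    for ip, info in find_login_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

An address flagged with login_after_guessing set to True is the case to act on first: change that account's password and review what the session did.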

Even with protection against all of those, and any of the myriad other known exploits used to gain access to WordPress blogs and websites, even if we knew all of the ways hackers get into WordPress, some would likely still get past our security and get in. That's just the nature of the issue. And the best defense against this final outcome is to have a good backup program.

There are many good backup plugins available for WordPress. I recommend three to my clients. You only need one of these, of course, but these are three to choose from. They provide a range of pricing options as well as a number of excellent features. I'll reference them here from lowest to highest price which, not surprisingly, is from lowest to highest feature list as well. They are all reliable, well-made products that I use myself for my own sites and my clients' sites. Choose for yourself based on your needs and your budget.

WP-Clone by WP-Academy is a great manual (they call it on demand) backup plugin that is lightweight, fast, and easy to use. You can back up your site and download the backup file for safekeeping. Of course you have to remember to do the backups!

Backup Creator comes in two versions, the standard, manual plugin for $7 with installation on up to five sites, and the automated Ultimate version with unlimited personal site installations for $47.

Backup Buddy: At $80 per year (yes, an ongoing fee!) Backup Buddy is considered to be the Cadillac of backup plugins for WordPress. To find out how you can get the Wiz's comprehensive security survey of your blog or website, and the Backup Buddy plugin installed, all for just $47, click here.



Don't wait until it's too late, back up your WordPress blog or website right now! If you need help with WordPress security and/or backups, contact the Wiz today to discuss affordable security plans. For done-for-you backup and security programs, CLICK HERE.



Another WizardsPlace Website.
Design, Content, & SEO by WizardsPlace.