One of my web design customers had his website hacked. The site, built on WordPress, had a mysterious user account created. As soon as I discovered it, I deleted the account and installed Wordfence to monitor and protect his site. I scanned the site and talked to the web hosting company to see if they could find anything malignant. Fortunately the answer was no.
WordPress is a powerful content management system that runs more than 25% of the world’s websites, so naturally it’s a target for hackers. But that doesn’t mean it’s not a good platform. A few companies trust WordPress with their websites… maybe you recognize some of them:
- Disney
- CNN
- BBC America
- Variety
- The official website for the country of Sweden
- Sony
- The New York Times
- The Rolling Stones
- Mercedes Benz
- Kristin Berkery Design
…and perhaps most importantly, 😉
- Beyoncé
My customer wanted to know, “Why would they hack a site that doesn’t get much traffic?” If your site’s been hacked, I hate to break it to you – it’s not about you.
Most of the time it’s not even a geeky guy in a dark basement trying to hack your site – it’s automated computer processes that are attempting to hack thousands of sites at the same moment looking for that one site that’s not running current software. The hackers find a loophole that hasn’t been closed by a software update and start exploiting it.
So what can you do?
- Make sure your website software is current – that includes all plugins as well.
- Delete old plugins and themes you no longer use.
- Don’t use “admin” as a username on your website.
- Choose passwords that have upper and lower case letters, numbers, and symbols for your login account.
- Install a good watchdog on your WordPress site like Wordfence.
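The checklist above can be checked against a live site. This is an added example, not part of the original post: a short Python audit that reads the JSON that WP-CLI prints for its user and plugin lists and flags the "admin" username, administrator accounts the owner did not create, unused plugins, and pending updates. It assumes WP-CLI is installed on the host; the sample data, the function names, and the list of known logins are constructed for illustration.

```python
import json

# Constructed sample data, in the shape WP-CLI prints for:
#   wp user list --role=administrator --format=json
#   wp plugin list --format=json
USERS_JSON = """[
  {"user_login": "admin", "user_registered": "2015-03-02 10:11:00", "roles": "administrator"},
  {"user_login": "kristin", "user_registered": "2015-03-02 10:15:00", "roles": "administrator"},
  {"user_login": "wpsupport2", "user_registered": "2017-01-14 03:22:41", "roles": "administrator"}
]"""
PLUGINS_JSON = """[
  {"name": "example-security", "status": "active", "update": "none"},
  {"name": "example-old-slider", "status": "inactive", "update": "available"},
  {"name": "example-contact-form", "status": "active", "update": "available"}
]"""

def audit_admins(users, known_logins):
    """Flag administrator accounts the site owner cannot account for."""
    findings = []
    for user in users:
        login, registered = user["user_login"], user["user_registered"]
        if login.lower() == "admin":
            findings.append((login, "default-username", registered))
        if login not in known_logins:
            # The registration time helps place the account on an incident timeline.
            findings.append((login, "unknown-administrator", registered))
    return findings

def audit_plugins(plugins):
    """Flag plugins that are unused or have an update waiting."""
    findings = []
    for plugin in plugins:
        if plugin["status"] == "inactive":
            findings.append((plugin["name"], "inactive-delete-if-unused", plugin["status"]))
        if plugin["update"] == "available":
            findings.append((plugin["name"], "update-available", plugin["status"]))
    return findings

def run_audit(users_json, plugins_json, known_logins):
    """Parse both WP-CLI exports and return every finding in one list."""
    return (audit_admins(json.loads(users_json), known_logins)
            + audit_plugins(json.loads(plugins_json)))

if __name__ == "__main__":
    # known_logins: the administrators the owner actually created (assumed here).
    for name, issue, detail in run_audit(USERS_JSON, PLUGINS_JSON, {"admin", "kristin"}):
        print(f"{name}: {issue} ({detail})")
```

The output of `wp theme list --format=json` uses the same `name`, `status`, and `update` fields, so `audit_plugins` can be run over themes as well.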