About 25% of websites worldwide use WordPress as the foundation for their website. Thus WordPress is the market leading CMS and in Germany, there are plenty of companies, calling themselves “WordPress Agentur“, who specialize in WP maintenance and hacking protection.
Anyone planning to hack sites on a large scale will choose WordPress sites as victims.
The topic security will probably never come to a halt with WordPress. The reason for this is that almost every website works with various plugins. Each plugin represents an additional danger because – depending on the WordPress programmer – various security deficits can arise. The WordPress Core – the heart of WordPress – receives regular updates several times a year.
Theoretically, all plugins of a WordPress installation must be checked for security when a new WordPress update is released.
However, many plugins are run as developer’s leisure projects. Most free plugins will eventually come to a development stop and are not or only slowly adapted to the latest standards. Also commercial WordPress plugins such. SEO Yoast have been worried about security scandals in the past.
What can I do as an operator of a WordPress site against hacker attacks?
There is a whole litany of WordPress security tips to protect against hacker attacks. Some of them are useful, others are not. We offer our customers WordPress Security Checks and the implementation of various security measures to protect your website from hacker attacks or WordPress hacks.
What types of WordPress hacks are there?
The most common types of WordPress hacks are automatic scripts, e.g. Access the login page of thousands of WordPress websites and try logging in with the default “admin” identifier and simple password lists.
The following purposes are hereby pursued:
- Do as much damage as possible
- Stealing people / user data / bank details etc.
- Feeding content to create backlinks to other websites
- Especially by creating hidden links
- Automatic creation of posts, which in turn contain backlinks
- If a WordPress site has been hacked, there are a variety of ways to recover it, or back up your WordPress system with hindsight.
The approach is usually:
- Eliminate the most common security vulnerabilities
- Elimination of the damage
- Set up automatic backups for the future