fbpx
WP Woman Logo
a chick who knows a bit about wordpress
WP Woman | Questions and Answers | a chick who knows a bit about WordPress

Question

My site is small, has no users other than me and does not even have eCommerce or an email list. Why would anyone want to hack my simple, little WordPress site?

Answer

Oo! This mindset makes you a hacker's dream!

Too many of my students and clients are under the impression that they have to have a popular, self-hosted WordPress website before they need to worry about hackers coming for the attack, but nothing could be further from the truth.

In fact, the more basic your site is and the newer it is might actually be more of a reason for hackers to come after you.

So many people these days are masquerading as WordPress website designers and/or developers that they're creating a financial goldmine for hackers. For those of us who have actually spent years learning the ins and outs of content management systems and the importance of CMS security, we understand that being able to activate a WordPress theme does not make you a WordPress guru. Most of these posers who are taking the hard-earned money of unsuspecting website owners don't know the first thing about WordPress security, nor are they trying to learn anything about WordPress security. By the time their clients have been hacked, the phonies have moved on to their next unsuspecting victims.

But I digress… Anyway…

From the first moments your self-hosted WordPress site is live on the web, hackers are trying to break into it. Many of them have scripts trolling the web and panning for WordPress sites that lack any type of security or have weak security.

Why?

There are many reasons, and I'm going to share some of them with you right now.

1. Because they can...
Some hackers will break into non-secured WordPress sites because they are simply able to do so. Why climb Mt. Everest? Because it's there. They don't change anything, and they don't leave anything malicious behind, but they do plant a proverbial flag that they can show their other hacker buddies to claim bragging rights.
2. Because (sometimes) it's like stealing cable...

Even if it has not happened to you, you have probably heard about the neighbor who covertly splices into another neighbor's cable line, so Neighbor Thief does not have to pay for cable themselves and can benefit from the commodity that Neighbor Honest pays for.

Sometimes this is the case with hackers.

Why should they pay for hosting when you are already paying and have already done all the hard work of getting the WordPress environment set up for them to “splice” into and serve their own content from your site/hosting?

Have you ever gotten a notice from your hosting company threatening to take your site offline for using too many resources on shared hosting, but you only have a 3-page WordPress site?

Yeah… You might want to see who else is benefitting from your hosting and not paying you a dime!

3. Because some people are just destructive...

Let's just call them trolls. These are people who suck the good feelings out of everything, including your little self-hosted WordPress site that's sitting there minding its own business and not bothering anyone.

Yesterday, everything was fine.

Today, your WordPress site is offline and you are greeted with the following message…

bet'cha didn't plan on dealing with this today, did'ja?! i didn't do anything but delete everything! hope you gotta recent backup, dude! Happy Monday! LOLOLOLOLOL!

hacking365247

Goodness forbid you don't have an up-to-date backup or you aren't able to recover from the hack without shelling out money to a developer to get your site back online!

So…
How do hackers get in?

The quickest and easiest way they get in is through the fact that weak or no security is in place to stop them.

That super-simple, one-click install that the pseudo-web-guru used to set up WordPress for you is the hacker's best friend, because many of those scripts create your WordPress site without some of the simplest security measures in place; things a qualified WordPress designer/developer would know to do out of pure habit and right at the point of installation.

Be notified when I post my article...
Simple Ways to Secure Your WordPress Site BEFORE Adding Any Plugins.


Hackers also get in through vulnerabilities in plugins, themes and even the WordPress core files.

I have lost count of the number of times I've had to clean up a hacked WordPress site where the site owner wouldn't update their theme because doing so would break this or that plugin or they wouldn't update the WordPress core files because the updates were not compatible with their theme or updating a plugin would wipe out this or that customization that the site owner had to pay the plugin developer for.

By not updating plugins, themes and/or core files, you leave yourself wide open to exploits, because the hackers know the exploits that the updates are designed to fix! They then write scripts to search out the sites that haven't done the updates and BAM they are in!

Let's also not forget the site owner with an easy-to-guess username and/or an easy-to-crack password.

Whew!

Just the thought is making me itch! I'll get more into this in my article about securing WordPress before adding plugins, so sign up above to be notified when that article is posted.

Conclusion

This is by no means an exhaustive list of why hackers want to get into your WordPress site, but it should give you enough information to understand that at no point can you relax and let down your guard when it comes to protecting your WordPress site.

Content Management Systems, like WordPress, are definitely not “set it and forget it” platforms, and there is more to them than just creating new content.

It simply is not true that WordPress as a platform is not secure. I will concede that WordPress without adding any security measures is not secure, but there are many ways [with and without plugins] to secure your WordPress site.

If you don't have the time to maintain your WordPress site security, or you don't feel comfortable doing it, then I recommend you pay someone else to maintain and keep your WordPress site secure, or you may want to consider just not having a self-hosted WordPress site at all.

You actually will fair better with WordPress.com, although you will lose some of the full control that you get with a self-hosted WordPress site.

Do not let the hard work you have (or your guru has) done be in vain, because hackers and/or their scripts are on the prowl for weakly secured and non-secured self-hosted WordPress sites 24/7/365.

Leave a Reply

Your email address will not be published. Required fields are marked *
Subcribe to my weekly newsletter
Click here
Get video tutorials created specifically for your needs for your WordPress project(s).
Wp Woman | Question: If I have a self-hosted WordPress site, then why would I have any need for an account on WordPress.com?
Read More
Join Walmart+ and enjoy benefits, like discounts on gas, rewards for buying certain products and a free subscription to Paramount+
Join Walmart+ and enjoy benefits, like discounts on gas, rewards for buying certain products and a free subscription to Paramount+
WP Woman | I've done all my plugin updates, but I'm still showing that there's one plugin that needs updating. When I go to Plugins, I don't see a notice on any of them showing they need to be updated. How can I find out why I'm getting the notification to update a plugin when I don't see a plugin that needs updating?
Read More
WP Woman | What can't I delete a WooCommerce product from my WordPress site?
Read More
Social Media Manager: grow your reach!
Computer screen showing red screen with yellow glowing danger sign. Concept hack virus cyber attack
Read More
WP Woman | Do I need legal pages?
Read More
Facebook Twitter Youtube

Copyright© 2023, WP Woman & Faydra D. Fields. All rights reserved.
Site customized by HLWES.