WordPress Hacking Trends
About 35% of all websites are built on WordPress. That makes it one of the most popular content management systems in the world. Its open-source themes and plugins encourage developers to build and share custom solutions. Because of WordPress’ widespread use and popularity with developers, it has also become popular in a different community: hackers.
Updated: July 29th, 2020
Hacks and the Hacked
Hackers are looking for the biggest bang for their buck. The more sites using WordPress, the more worthwhile it is for them to go after it.
There’s a growing two-part trend.
The first part of the trend is that the number of overall hacks is increasing.
The second is that the number of sites affected by each hack is also increasing.
Source: data sourced from the Wordfence security blog.
In 2020 (so far), we’ve seen over 42 WordPress hacks. Compared to just 15 hacks in 2018, that’s more than a 280% increase!
There are also staggering numbers for sites affected by the hacks. There were over 7.3 million sites affected by hacks in 2020 compared to 2.1 million previously. A 348% year over year increase is nothing to take lightly.
Website Hacking Prevention
Hope is not lost – here are some key takeaways you can use to keep your website safe from hackers.
Make sure your WordPress is updated regularly. WordPress usually publishes feature updates quarterly. Often, included in these update bundles are one or two updates related to security. Implement the new updates quickly so that your website is always protected by the newest security features.
Update Plugins & Themes
Plugins and themes are not updated on a regular schedule – each one is updated on its own. For a site with multiple plugins, it can be difficult to keep up. Checking each plugin and theme daily, or at the very least weekly, might seem like a hassle, but it’s worth it. In the long run, doing this tedious task is much easier than dealing with the aftermath of a hack.
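The weekly plugin and theme check described above can be scripted. This is an added example, not part of the original article; it assumes WP-CLI is installed as `wp`, and the plugin and theme names in the sample data are constructed.

```python
import json
import shutil
import subprocess

FIELDS = "name,version,update_version"

def wp_list(kind, path):
    """Run WP-CLI (assumed installed as `wp`) and return its JSON output.
    kind is "plugin" or "theme"; path is the WordPress install directory."""
    cmd = ["wp", kind, "list", "--update=available",
           f"--fields={FIELDS}", "--format=json", f"--path={path}"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def parse_outdated(kind, raw_json):
    """Turn WP-CLI JSON into (kind, name, installed, available) tuples,
    skipping any row that has no pending update."""
    rows = json.loads(raw_json or "[]")
    return [(kind, r["name"], r["version"], r["update_version"])
            for r in rows if r.get("update_version")]

def report(findings):
    """Format findings as one line per outdated component."""
    if not findings:
        return "All plugins and themes are up to date."
    lines = [f"{k}: {n} {cur} -> {new}" for k, n, cur, new in sorted(findings)]
    return "\n".join(lines)

# Constructed sample output (not from a real site), used when WP-CLI is absent.
SAMPLE = {
    "plugin": '[{"name":"example-forms","version":"1.2.0","update_version":"1.2.3"},'
              '{"name":"example-cache","version":"4.0.1","update_version":""}]',
    "theme": '[{"name":"example-theme","version":"2.0","update_version":"2.1"}]',
}

def check_site(path=None):
    """Check a real site when path is given and `wp` exists, else the sample."""
    live = path is not None and shutil.which("wp") is not None
    findings = []
    for kind in ("plugin", "theme"):
        raw = wp_list(kind, path) if live else SAMPLE[kind]
        findings += parse_outdated(kind, raw)
    return findings

if __name__ == "__main__":
    print(report(check_site()))
```

To use it on a real site, pass the WordPress install directory to `check_site()` and schedule the script to run weekly.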
Install Security Plugins
Security plugins will prevent hacks and notify you of security issues, including letting you know when plugins or themes are outdated.
We strongly recommend you install a security plugin. We’re big fans of Wordfence. Feel free to check out the full list of security plugins on the WordPress Plugin Directory.
Other Security Preventions
So far, we’ve talked about how to secure WordPress. But there are other systems you can update to add another layer of protection.
Your website is hosted on a server (AKA computer) and like anything else, it also has software updates. Check with your hosting provider how you can update the software on the server. They might even offer a managed hosting solution where they update the software for you.
This is a big one and we’re probably all guilty of it – do not use guessable passwords. When you use passwords like password1234 or qwerty, you’re basically handing a hacker the keys to your site. Do not use the same password across multiple accounts. When you create your WordPress password, the system will tell you if your chosen password is weak. Take its recommendation seriously and tweak your password until it’s labeled as strong.
For many in the security industry, the question of being hacked is not “if” but “when.” That might be a scary thought but it’s realistic. Having a good backup plan is critical to recovering from a hack. The best thing you can do to help yourself recover from a hack is to have a backup plugin or a backup copy of your server available (check with your hosting company). Write out a plan of recovery in a Word document and password protect that document so you can put passwords or password hints into the document. Upload it to a secure cloud account so you don’t risk losing the document on a local file or computer.
The hacking trends this year are not looking too sunny. But there is plenty you can do to make your website and business less vulnerable to hackers. Most of these preventions don’t require a lot of time or money – but any time or money you invest will repay itself tenfold when you’re properly protected from hacks. So make a list of your themes and plugins, contact your hosting provider, and don’t forget to hit the “update” button!