WordPress is one of the most hacked platforms on the planet. Your
chances of having a security breach with a WordPress website is
much higher than a plain HTML website or a customer CMS website.
It’s not because WordPress itself is insecure – In fact, WordPress
is extremely secure from a pure security standpoint. It’s because
of the nature of WordPress.
By nature, WordPress works through add-ons. To make the most of a
WordPress site, you need to use a variety of plugins as well as
themes. The real security vulnerability of WordPress comes through
these plugins and themes.
How Most WordPress Sites Get Hacked
WordPress sites get hacked when hackers discover a security
vulnerability in a plugin. It’s often not difficult to locate
thousands of sites running that plugin once an exploit has been
For example, let’s say a hacker finds an exploit in a plugin that
adds a Facebook “like” button to people’s websites. He can just use
unique identifiers (called “footprints”) left by that plugin to
Google all the sites running that plugin.
Backdoors and More
What happens when your site gets hacked?
First, what most hackers do is install backdoors. These ensure that your site will “hack itself” should you ever try to fix it. Often time’s your PHP files, your database, your htaccess file and even your chron jobs can all be infected with backdoors.
Second, your hacker will do something with the site itself. They
might redirect your traffic, deface your site or use your site for
How to Secure Your WordPress Site Against Attacks
So how do you secure your site against attacks if you’re not a
computer security expert?
The solution is actually relatively simple. Start by installing
“Better WP Security,” the top (free) WordPress security plugin.
This plugin will protect your PHP files, lockdown your htaccess
file, backup your database and regularly keep backups of your site.
Should your site get hacked, you can easily restore it from
backup. It’ll harden your security all around.
There are still aspects of your security that Better WP Security
can’t handle, such as your server security and your file
permissions. If your WordPress installation was done properly and
you’re on professional hosting, by and large, you can assume these
If You Get Hacked, This is What to Do
The best way to repair a hacked site is to head over to eLance and
find a professional who knows what they’re doing to help repair
your sites. For between $50 to $200, depending on the extent of the
breach, you can find a qualified expert to help you remove all the
backdoors and patch the holes through which the hacker got into
Unless the hacker deleted your site, generally you’ll be able to
recover everything and set your site back on course.