Insight, advice, news and chit chat

How likely is it that my WordPress website will get hacked?

Will my WordPress website get hacked?

I love to write about marketing, anti-procrastination, and feelings, but sometimes I have to shine a light on the not so fun technical topics.

Like the fact that sometimes, WordPress websites get hacked by hackers!

At TLD we create and maintain many websites, and we use WordPress. It’s got many benefits, which is why most of the world’s websites are in WordPress.

WordPress is adaptable to our bespoke designs and is so flexible with the types of pages and information we can create. With our bespoke sites, you can have a beautiful and sophisticated website which is also simple to update.

How likely will it be that your website gets hacked?

We at TLD have a large pool of WordPress sites which our coder Tom said are like fishes in water. Because we host so many, it’s more likely in our experience that sooner or later one fish will weaken and get caught by a predator. We have the pool — so we will hear about the risks.

It’s less of a risk or likelihood for any one of our clients who have only one site – especially if you keep it up to date! If you have one website, you don’t have the pool. You just have one fish. It is in dangerous waters, but you will not necessarily get hacked.

Essentially, each WordPress version is vulnerable. In addition, plugins used in sites, while enhancing their functionality, do create extra vulnerabilities and some of them aren’t even publicly available. These are dangerous waters. Sooner or later another fish will get caught.

Who is hacking my website and why?

Remember, it’s not personal. Often, it’s not even a human, but a “bot” which is running around the internet. Their motives vary – sometimes they want to “spamvertise”, sometimes to steal data, sometimes run other scripts and attack other sites. Wordfence has a great article “How to protect yourself from WordPress insecurities” and below is an infographic from that article:

Who is hacking my website?

Bottom line is, it’s a real headache/pain in the rear, nightmare – whatever you want to call it. Better to be avoided! If you would like us to check your site, please email us and we can take a look for you, and offer various (very affordable) ways to help.

For the sake of simplicity, here are 3 important ways to keep your site safe

Keep the version of WordPress up to date

When we make a website and launch it, we use the latest version at the time. Hopefully our clients either get us to keep this up to date, or take care of this themselves. We minimise the risk for Loyalty Club members as the service of backing up the site, upgrading WordPress, and keeping plugins up to date is all included, but there are more fishes out there.

According to well known WordPress hosting company Kinsta, 39.3% of hacked websites worldwide were running out-of-date WordPress core software at the time of the incident.

So a really simple solution to prevent hacking is to keep your WordPress website updated to the latest version. Each time a new upgrade is done, WordPress has included additional security. This is definitely an improvement over 61% from 2016. According to recent research,  only 62% of WordPress sites are running the latest version, which is why many sites are still unnecessarily vulnerable to those exploits. How many security holes does WP fix in each release? It varies. For instance, in one of the latest 5.2.3 releases they fixed 7 holes and for WP 5.2.4 they fixed 6 holes

Out-of-date plugins or themes

WordPress plugins are actually the biggest source of vulnerabilities in WordPress.  According to Kinsta, over 60% of people who’s websites were hacked and could reveal the way this happened could see it was from a plugin or theme vulnerability. We’re careful at TLD to really minimuse how many plugins we use, as too many can make the site “heavy” and harder to manage. And as we’ve mentioned before, we don’t use themes, we create bespoke WordPress websites.

This article shares the top 10 most vulnerable WordPress plugins – a good place to start is to check and compare if your site has these. It’s important to check that the site functions as it should after the plugins are updated. We offer technical assistance on updating these too – our coders are stringent in their methods and back things up as well, just in case something breaks. In some cases, they even write special code to make a plugin work when the latest version isn’t compatinble

Poor hosting environment

This depends on who your hosting company is. We have a very reliable hosting partner and host many websites for our clients. You need to ensure you have a secure hosting environment and the most recent versions of important technologies like PHP to mitigate the risks and ensure your WordPress site stays safe. For example, the server should be running the latest version of PHP. Ideally, you want your site to be on a server with PHP version 7.3+ . According to a recent article by Kinsta, only 33% of WordPress sites are using PHP 7 or higher.

Still worried?

As mentioned above, we are here if you need us. Our preference is if clients take us up on our enhanced service where we upgrade and maintain their websites. It’s not expensive, and it gives us all piece of mind. If something bad happens, it’s usually not THAT bad. And members of our Loyalty Club get a full backup and upgrade service as a bonus.

Will my WordPress website get hacked?

Our coders are doing this regularly for many of our clients, running checks, upgrading sites, checking plugins etc. And this is what keeps most of our sites safe. On the rare occasions one of our “fishes” gets caught, they are able to restore things to where they should be from the previous backup. We are happy to do a health check on any site if you just write to us with the word “FISHES” in the subject line (and your website URL). Thank you for reading!

Leave a comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>