emoji-WPTargetPeople love WordPress. It’s extensible. It’s powerful. It’s popular. But some of those attractive website plugins are being attacked and exploited. Here’s what you can do about it.

By Kimberly McCormick, Bayshore Solutions Corporate Marketing Team

WordPress is one of the most popular open-source website content management systems used today.  According to W3Techs, WordPress is used by 58.8% of all websites that use a CMS; this is approximately 25.2% of all websites. Which is possibly why it is also one of the most targeted website platforms for malicious hackers.  Plugins that may seem safe today, may be identified as vulnerable tomorrow. While we can probably chalk up the “Why” as the price of WordPress being #1, let’s focus on the “How” of protecting your website from current and future hacks that can dramatically damage your business.

As you can see in the graph below provided by SUCURI, there has been a significant spike in hack attempts in 2015, with the most recent quarter experiencing the most increase in malicious activity.

WP Hack Graph

While an open-source platform such as WordPress will never be 100% bullet-proof, there are things you should be attending to weekly and at the very least monthly to mitigate your risk of being hacked.

  1. Install appropriate security plug-in software.

There are many available so make sure that you choose one that is well documented and reviewed by the WordPress users community.  One of Bayshore Solutions selections for specific customer’s needs is WordFence.

A caution is in order however.  Ensure that your chosen plug-ins all “play nicely together.” With 20,000+ plugins developed by thousands of developers around the globe, there are no guarantees that all plug-in coding is compatible.  An important part of competent WordPress website design is the vetting and selection of compatible plug-ins to deliver the functionality customizations needed by your specific business.

  1. Keep a back-up your website.

And update that back-up regularly. In the event of needing to restore your business website from the back-up.  It is much less devastating to back up to site-status of yesterday or seven days ago than one month or even one year earlier.

  1. Update the WordPress core and all plug-ins whenever needed.

Improvements and version iterations happen frequently on both the base WordPress platform and any of the plugins that have been developed for WordPress. Often these updates bring functionality improvements as well as address bugs and even security loopholes detected in the programming.  Waiting to implement updates as soon as they are available is like trekking through the jungles of Indonesia, with outdated or non-existent malaria vaccination.

  1. Monitor your website’s Webmaster Tools

    (now known as Google Search Console) at least weekly. Address any needed redirects for 404 errors and take action on any errors or alerts promptly.


Bayshore Solutions follows this prevention protocol with communications and maintenance services for all of our customer’s WordPress websites.  In the event your site does get hacked, we can help quickly recover the health and integrity of your website.

Contact us today for a WordPress assessment and hack risk protection regimen for your business.

Recomended Posts