Hackers exploiting the security of WordPress

WordPress is a very popular platform these days (around 8.5% of all the world’s websites are powered by WordPress!). As it is open source, everybody has access to its source code and can easily experiment with new cracking/hacking methods.

WordPress has become one of the most preferred exploitation targets for hackers across the globe. While WordPress has been continuously releasing new versions that close up security holes, its popularity as a blogging platform has always prompted hackers to come up with new ways to steal information, interrupt service, redirect traffic or pursue other goals. At CPWebHosting, a secured WordPress hosting provider, the security is very good and all preventive measures are taken to keep your website away from hackers.

Although there are several ways in which WordPress security can be tightened, only a few users follow them, which makes the platform even more vulnerable. The open source nature of WordPress means a lot of damage can also be done through vulnerable WordPress themes and plugins or through automated exploits, which can destroy your website and your reputation. These are the top WordPress issues and vulnerabilities that are being exploited by hackers. Equipped with the latest security tools, CPWebHosting, a cheap hosting provider, lets you easily develop or create a website with high security so that hackers don’t exploit it.

CPWebHosting, a secured hosting provider, gives some tips on WordPress security:

1. Insecure Plugins and Themes : WordPress offers many free plug-ins and themes that enhance the functionality of your website with minimum costs. However, you have to be aware of the fact that they may contain vulnerabilities or even hidden malicious code that can compromise your website.

2. Don’t use ‘admin’ username : Anybody who tries to get into your WordPress admin section will try ‘admin’ as a username. If you change it, a potential hacker has to hack both the username and the password. If you are running an older version of WordPress (which I do not recommend), you can change the admin username directly in the database.

3. Strong Web Password : A lot of WordPress issues can be avoided with good habits, and a strong password is one of them. A good password protects your site from brute-force attacks and acts as a security gateway for your site. If a hacker is able to hack your administrator account, then he can install scripts that can possibly damage your whole server. Do not use predictable and weak passwords.

4. Database Access via a Root Account : All your WordPress content and web files are stored in one database. If you are using more than one web application, each application will have its own database. Your WordPress root account provides complete access to all your databases that are saved on the same web server or under the same web hosting account. If a hacker discovers your root account credentials, then he / she can get access to all your databases. Therefore, it is highly recommended to create dedicated accounts to access each individual database, rather than using your root account.

5. Move your wp-config.php file : Your wp-config.php file contains database connection info as well as other data that nobody else should be able to access. From WordPress 2.6 you can easily move this file out of the root folder. To do this, simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory. This way, nobody except a user with FTP or SSH access to your server will be able to read this file.

6. Database permissions : Database permissions allow a web application to access and also modify specific parts of the database. If database permissions are not tightened down, a malicious user can exploit such permissions and modify the database content and structure. Hacking attacks not only make cyber criminals rich and satisfied, they affect your site’s position in terms of search engine rankings. A site infected by spam is not only ranked low, it also gets highlighted, which adversely affects its reputation and business potential.
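
An added example, not part of the original post: a shell script that checks a WordPress directory for the conditions in tips 4 and 5, namely a wp-config.php still sitting in the web root and a DB_USER set to root, plus a config file that is readable by every local user. The finding labels and the demo site are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress directory
# against tips 4 and 5. Finding names are this example's own labels.

# Print the value of define('NAME', 'value') from a wp-config.php file.
wp_config_value() {  # $1 = file, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print one finding per line for the WordPress root in $1; no output = clean.
wp_audit() {
    if [ -f "$1/wp-config.php" ]; then
        cfg="$1/wp-config.php"
        echo "CONFIG_IN_WEB_ROOT"        # tip 5: file not moved up one level
    elif [ -f "$1/../wp-config.php" ]; then
        cfg="$1/../wp-config.php"        # the fallback location WordPress checks
    else
        echo "NO_CONFIG_FOUND"
        return 0
    fi
    if [ "$(wp_config_value "$cfg" DB_USER)" = "root" ]; then
        echo "DB_USER_IS_ROOT"           # tip 4: use a dedicated account
    fi
    if [ -n "$(find "$cfg" -perm -004 2>/dev/null)" ]; then
        echo "CONFIG_WORLD_READABLE"     # any local user can read the credentials
    fi
}

# Constructed sample: a throwaway site with the config in the web root,
# DB_USER set to root, and mode 644.
wp_audit_demo() {
    site=$(mktemp -d)
    mkdir "$site/public"
    printf "<?php\ndefine( 'DB_NAME', 'blog' );\ndefine( 'DB_USER', 'root' );\n" > "$site/public/wp-config.php"
    chmod 644 "$site/public/wp-config.php"
    wp_audit "$site/public"
    rm -rf "$site"
}

# Usage: sh wp_audit.sh /path/to/wordpress   (no argument runs the demo)
if [ "$#" -gt 0 ]; then wp_audit "$1"; else wp_audit_demo; fi
```
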

2 thoughts on “Hackers exploiting the security of WordPress”

  1. All versions of WordPress are at risk of a blind SQL injection attack via its SEO plugin YOAST. The affected file is admin/class-bulk-editor-list-table.php. These attacks can damage the database and possibly expose confidential data. A research report has found that about a quarter of WordPress users have backup plugins which can be used to restore the site. Many service providers offer the advantage of keeping their data vulnerability-free by updating plugins and site backups.


  2. CodeGuardOne has released a report that more than three quarters of WordPress users are not using backup plugins. The company surveyed 503 WordPress users to understand how many times they backed up websites and tools. The report found that 24% of respondents use a website backup plugin. 32% have received extensive training for website backup tools. Approx. 44% do not employ a website or IT manager. According to the study, 69% of users had a website plugin fail after updating, 24% had multiple plugins fail after updating, and 63% of respondents have deleted files that were not backed up.

