I have helped several people restore their hacked websites over the past year, so decided to make security a priority for this service, as noone is safe from being hacked.

As the most popular web publishing platform on the internet (by a large margin), WordPress is a popular target for hackers and spammers. WordPress is known for being one of the most user-friendly website platforms available online, but out of the box WordPress is terribly vulnerable to attacks.

According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks and the total number of hacked WordPress websites in 2012 was a whopping 170,000. This figure is growing every year.

You may be wondering why anyone would want to attack your website, particularly if you have a low traffic website; however the vast majority of hackers are not looking to steal your data or delete important files. What they want to do is use your server to send spam emails.

It is important to understand how hackers gain entry into a WordPress website and have their wicked way. Although there are many different ways in which a hacker can break into a WordPress website, the main techniques can be grouped together into four categories. In an article last year, WP White Security reported the following statistics about hacked websites:

41% were hacked through a security vulnerability on their hosting platform
29% were hacked via a security issue in the WordPress Theme they were using
22% were hacked via a security issue in the WordPress Plugins they were using
8% were hacked because they had a weak password
As you can see, 41% of attacks are caused by security issues within your hosting platform. This covers a lot of techniques, such as using a URL parameter to process an SQL injection. This technique allows the hacker to add code to your database, which can allow them to change data (e.g. your password), retrieve data, or delete data (i.e. delete all your posts and pages).

Security Best Practice


  • Ensure that all scripts, plugins and themes are up to date.
  • Scan the server for malware scanning and intrusive files.
  • Force strong passwords.
  • Limit login attempts.
  • Backup your site often.