Is Using WordPress Dangerous? Part I

Feb, 2018

If you are using WordPress, or thinking of using WordPress, for your website, you may be concerned about it being hacked or about potential vulnerabilities.

Is WordPress Secure?

Since WordPress powers about 25% of all websites, you may think they can't all be hacked. Then again, with so many WordPress websites, security vulnerabilities are inevitable.

WordPress runs on free, open-source code, which means anyone can go through the code and see exactly how your website is built. You can download the code here and see for yourself.

You can find a list of WordPress Core, Plugin and Theme vulnerabilities here:

To date (Feb 2018) there are 10,574 vulnerabilities!

So How Do Hackers Know My Website Is WordPress?

WordPress includes a line of code that announces that your site is built using WordPress, along with the current version. Depending on the design of your templates, this information usually appears in the code of all your webpages!

If your WordPress site is running an outdated version, hackers can easily target security vulnerabilities and weaknesses that have already been patched by recent upgrades. Remember, it is not always easy to upgrade WordPress, as upgrading may break other core functionality or the themes and plugins you are using.

Default Logins And Admins

The default admin login page of a WordPress website is at a set location. This means hackers have a leg up: they already know how to get to your admin area.

If you don't believe me, go to any site you think is a WordPress website and type "/wp-admin" after the URL. Here are some examples of "big" websites:
- TechCrunch is a leading technology media property, profiling startups, reviewing new Internet products, and breaking tech news. Their admin login is:
- Skillz is the leading mobile eSports platform, connecting the world’s 2.1 billion mobile gamers. Their admin login is:
- Forward Financing provides small business owners the financial access they need to capitalize and expand on their businesses. In 2017 they were #15 in Inc. 5000 Rank! Their admin login is:

These are just a small random sample. Do hackers know your WordPress admin URL? The answer is a resounding "yes"!

As an added bonus, WordPress allows unlimited login attempts, so hackers can use bots that try all day and night to guess your passwords.

The Files of Plugins And Themes Are Editable Within WordPress

Normally, the files used to serve a website are highly protected by server settings and by the tech team responsible for your hosting. With WordPress, however, nearly all the files in the theme templates and plugins are customisable and editable from within WordPress itself. This leads to security vulnerabilities, even from the stray fingers of staff digging around and from well-meaning website designers.

These are just a few of the topics related to hacking into WordPress sites. There are many, many more topics we will dig into in the future.

Are you sitting on a ticking time bomb!?! ...

