WordPress Wins... the award for most hacked website platform in 2018

In early 2019, the GoDaddy security team, Sucuri, released a report showing that 90 percent of hacked sites were using the free WordPress system. While 44 percent were using older versions that had not been updated with new releases and security patches, 56 percent were up to date. So, even updating does not mean safer.

For over 10 years, I have warned potential clients and readers of the dangers of hiring a web designer who is just going to download a free, insecure WordPress website, and charge them thousands for it.

Even now, individuals and business owners dismiss potential issues with the attitude of, "I have nothing worth hacking/stealing." - They do not understand that this is not the motivation of most hackers.

In most cases, hackers do not want to steal from the websites they hack - they want to use them as cover while they do illegal things, some of which may be serious.

Why do hackers hack sites?

1. To attack other sites - They may use your site to perform Denial of Service attacks on other websites. Basically your site, plus thousands of others, try to connect to a website simultaneously. That overloads the server, stopping access to that site.

2. To spread viruses and malware - They can embed viruses into the website which are downloaded to a visitors computer. They may install ransomware which locks the computer until one calls a number and pays a ransom, or reads usernames and passwords and transmits them.
If this happens, Google will place warnings to keep people away, and your reputation will be damaged.

3. To spread spam - If you ever look at the actual email address in the spam you get, it is most likely from a legitimate website domain that was hacked.

4. Phishing - The hackers upload fake financial institution-looking website files, for example, PayPal or a big bank. They then send an email saying that your account may have been compromised and they direct you to the fake page to prove you are you by entering your sensitive information including login, password, PIN, billing zip, etc.

If this happens, your site is now part of a credit card theft/identity theft/money laundering type network, and that becomes a federal case.

Do you have a WordPress Site?

You can easily check by adding /wp-login.php after your domain - e.g., yoursite.com/wp-login.php. If you see a login form, you have a WordPress site.

What can you do?

If you have a WordPress site, you must get your web designer to review the Sucuri report and apply all updates/patches, including those for all plug-ins. If you are paying monthly for maintenance, confirm in writing that they have done the updates.

If the designer is no longer around, seriously consider upgrading your site to one of our safer WebUpdate sites.
WebUpdate predates WordPress and has never been hacked, thanks to added security that detects hackers and blocks them immediately from the server. See the last 250 blocked hackers realtime at:

If you have concerns with your web security, now is the time to look into our WebUpdate system sites. Not Open Source, they take advantage of advanced security, SEO, social, and responsive features to give your business the best competitive edge online.   

Date Published:
Are you Ready to Discuss your Web Project?
Let's Get Started

What Our Clients Say

Let us know what you think

We are happy to listen
Feel free to drop us a line!
Where to Find us
Contact Information