70% of all WordPress websites are vulnerable for hackers
Statistics of more than 40.000 WordPress websites were published in the Alexa top 1 million. Of these 40.000+ websites, over 70% are vulnerable for hackers. If we look at the year 2012 alone, over 110.000 websites were hacked that year. Let's find out why so many WordPress website's are vulnerable, how you can prevent getting hacked and how to check if your website has been breached by a hacker. The below statistics are based on over 40.000 WordPress websites found in Alexa’s top 1 million websites:
- 74 different versions of the WordPress CMS have been identified.
- 18 websites had an invalid or non-existing WordPress installation.
- 769 websites (1.82%) are still running a subversion of WordPress 2.0.
- Only 7,814 websites (18.55%) upgraded to WordPress 3.6.1.
- 1,785 websites upgraded to version 3.6.1 between the 12th and the 15th of September.
- 13,034 websites (30.95%) are still running a vulnerable version of WordPress.
How come so many WordPress sites vulnerable for hackers?
People often see their website as a finished product. You pay a web developer to design and develop it, or develop it yourself, and expect it to be finished afterward, right? The truth is, maintaining a well-performing and secure website is a continuous process. There's always an update to be installed, and there's always optimizations to test. Especially the updates can become a problem when you forget about them. Numerous external scripts are loaded for each plugin you use on your WordPress website. Once a plugin becomes outdated, chances become increasingly bigger hackers will be able to breach your website, by abusing outdated scripts. That's why it's important to update your theme's, WordPress installation and plugins regularly. Next to updating your resources, make sure you pick a strong password for yourself and all of your employees. By picking a strong (randomly generated) password, and changing this after a set period of time, you won't make it too easy for hackers to enter your website.
How can we prevent this vulnerability for hackers?
As you can read above, the most important causes of vulnerable WordPress installation are outdated scripts. This is what you can do to prevent hackers from hacking your WordPress website:
Never get hacked again by:
- Updating your WordPress installation, Themes and Plugins regularly.
- Making use of a site security plugin (which of course, you'll also have to update regularly) like WordFence.
- Generating strong passwords for yourself and all of your employees.
- Changing the passwords for yourself and all of your employees regularly.
- Carefully monitoring analytics for suspicious data.
How to find out if your website has been hacked?
After reading the information above, you probably want to know how secure your own website is. You can easily test your website for security breaches by installing the WordFence plugin, and running the WordFence Scanner.
Besides scanning your website, there are different options to discover security leaks on your website:
- Check the Google search results for notices of unsafe content. Google might display 'this site has been hacked' or 'this site may harm your computer' if malicious scripts are found by Google's crawlers.
- Check Google Search Console for errors. Google will report suspicious content or behavior on the search console dashboard.
- Check if any of your customers have encountered any problems on your website. If they have, they might have sent you an email about it. Make sure to check your spam box so you won't miss out on any of this valuable feedback.
- Check for traffic spikes on Google Analytics. Hackers often install scripts which will spam your comment sections or forums. This will generate traffic spikes which you should be able to spot quite easily using Google Analytics or a Data Stadio dashboard.
Hopefully, I've been able to teach you something about WordPress website security. If you still need help with fixing malware or malicious scripts on your website, I will gladly help to resolve the issue. Just fill out the contact form to get in touch.