Early last year, an estimated 1.5 million WordPress sites were defaced as hackers exploited an unpatched vulnerability. One analysis carried out several years ago estimated that up to 70 percent of WordPress sites were vulnerable to hacking. Last summer, approximately 300,000 WordPress sites that used the WP Statistics plugin were discovered to be vulnerable to attack.

These figures may be relatively old, but they do illustrate that WordPress sites are vulnerable to attack and a prime target for hackers. With well over one billion websites built around WordPress, this is hardly surprising.

That said, WordPress is typically a secure platform. The problem is that extension tools can be written by anyone, and some of these have coding flaws that can be exploited by hackers.

Many people use WordPress to run blogs or launch simple, straightforward sites. Given that such sites do not appear to offer any obvious value to hackers, why would they be targeted? There are several reasons why hackers target WordPress:
  • Use WordPress to secretly send spam emails
  • Steal data such as mailing lists and credit card information
  • Rope the website into a botnet to launch distributed denial of service attacks on other large websites

If you have a WordPress site and want to protect it, there’s a very useful article here that offers 20 tips to improve security.

You don’t have to follow them all, but even recommendations such as using two-factor authentication and strengthening passwords can significantly improve security levels.