WordPress can be a great tool for blogging and content management, but it can also be a target for hackers to aim their evilness. Open source platforms are just that: OPEN. All that openness can lead to huge popularity, increased flexibility and lots of sharing. Sharing can be great for good people and also great for yucky hackers, for the following 5 reasons.
It may sound childish, but it needs to be said: people can be mean. That’s not always the reason they’re hacking your site, but it may be one of them.
Many hackers take the path of least resistance. Currently, WordPress.org powers over 6 million websites. WordPress is a wonderful platform for site development for many reasons. Unfortunately, the sheer volume of sites and the extensive documentation available also help hackers learn enough about the system to identify the weaknesses of a WordPress site and capitalize on those weaknesses. Once they find an easy weakness to exploit, they look for other sites with the same symptoms. This makes their hacking process more turnkey and less challenging.
Because the platform is easy to install and available to everyone, some site owners are not fully educated about how to keep their WordPress site safe from hackers, while others who are educated are simply negligent, not taking the time to keep the site up to date and secure.
The open source nature of the system publicizes changes and security measures made with each new release. The updates are listed in a change log for everyone to see, even hackers. Although the exact code changes aren’t detailed, an experienced hacker can read the overview and determine possible vulnerabilities to exploit in past versions that were patched with the newest release.
Yes, there are blog posts, just like this one, that give step-by-step instructions on how to hack a WordPress site. Some even offer a downloadable program to run against a site, exposing its vulnerable areas. As evil as it may sound, some good can come of these efforts to spread badness. Web developers can study the efforts of hackers and use these tutorials and programs to guard the sites they develop against attacks. I encourage all interested to study the enemy’s game plan and work offensively to protect websites instead of staying on the defense waiting for a hack to repair!
We don’t want to alarm WordPress users; your site may be perfectly safe. We’re working to spread the word that being a responsible WordPress owner is as important as being a responsible pet owner. Feed your WordPress site, give it fresh water and keep it up to date! Find out if your WordPress site may be at the mercy of hackers or, worse yet, has been acting up and may have been hacked.