WordPress Hack Attack


A few days ago, our sales & marketing team was reading through requests from companies needing development work on their WordPress website. The majority were simple requests - adding plugins or changing template themes. One of the requests, however, became the inspiration for this post. The summary of this request was simple: "My WordPress site keeps getting hacked no matter how much I change, so I'm going to rebuild my site from scratch to start over with a clean slate." The option to rebuild might mitigate some of the risks, but if this fellow rebuilds his website in exactly the same way, without making some changes, it's highly likely he will be subjected to another malicious attack within a short span of time.


Why is my site getting hacked? To start, it's basically a giant target. Approximately 39.5% of websites (that's nearly 64 million websites!) on the web today were built using WordPress. A hacker can identify a vulnerability and exploit it - affecting millions of websites across the globe. 

Your WordPress website is basically just a sitting duck waiting for the next hacker to identify and exploit the next vulnerability. But you're not totally powerless! There are a few easy-to-implement ways to boost your website security and reduce the risk of attacks.

Basic Security

First and foremost, take the time to think through the most basic security needs. It's 2021 and it's astonishing how many people still fail to set up even the most basic security measures.

Password: Despite the fact that you may think it's clever, using "password" as your password is not, in fact, going to cut it. Neither is "p@ssw0rd", "pa$$w0rd", or "thisismypassword". Selecting a strong password is your first line of defense. We suggest the use of a password manager like 1Password to suggest excellent, strong passwords that are then stored in a secure vault.

Two-Factor Authentication: WordPress has a two-factor authentication plugin that adds an additional layer of protection to your website even if your user credentials have been compromised. 

Security Plugins: Add additional layers of security (and some additional peace of mind) with WordPress plugins that are designed to provide a variety of different security functions. There is a wide variety of security plugins available. We suggest reviewing the list of plugins to determine which plugin is right for your website needs. 

Backup Your Website: You didn't spend countless hours (or dollars) building a website just to do it all over again when you get attacked. Backing up your WordPress website is a safety net in case of a malicious WordPress hack attack (or hardware failure or some other unforeseen catastrophe). There are a variety of options when it comes to backing up your WordPress website and plugins available to help automate the process so it's one less thing on your to-do list. 

Staying Current

Remembering to update your WordPress website and plugins isn't likely on the top of your to-do list. It's also probably one of those things that gets the old "oh, I'll do that later" treatment. You're certainly not alone in having an outdated WordPress core and outdated plugins. You're joined by millions of others who just have other, more pressing priorities for their businesses. But while you've joined them in being outdated, we can guarantee you'll also be joining them in the "our website has been attacked" support group that meets on Thursday evenings somewhere in your local community. 

Attackers aren't just sitting around hoping to discover vulnerabilities in outdated software - they actively seek them out using scanning tools and scripts to identify and target those outdated WordPress websites - en masse. 
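
One way to see which plugins have fallen behind, as an added example that is not part of the original post. It assumes WP-CLI is installed and reads the JSON produced by `wp plugin list --fields=name,status,update,version,update_version --format=json`; the plugin names and versions in the embedded sample are constructed.

```python
import json
import sys

# Constructed sample of the WP-CLI JSON output described above.
# Plugin names and version numbers are made up for illustration.
SAMPLE_PLUGINS = """[
 {"name": "example-forms", "status": "active", "update": "available",
  "version": "2.1.0", "update_version": "2.4.3"},
 {"name": "example-gallery", "status": "inactive", "update": "available",
  "version": "1.0.2", "update_version": "1.9.0"},
 {"name": "example-seo", "status": "active", "update": "none",
  "version": "5.2.0", "update_version": ""}
]"""


def audit_plugins(raw_json):
    """Return one finding per plugin that has a pending update."""
    findings = []
    for plugin in json.loads(raw_json):
        if plugin.get("update") != "available":
            continue
        # An inactive plugin still has its PHP files on disk, so switching
        # it off is not enough: it has to be updated or deleted.
        inactive = plugin.get("status") == "inactive"
        findings.append({
            "name": plugin["name"],
            "installed": plugin.get("version", "?"),
            "latest": plugin.get("update_version") or "?",
            "action": "update or delete" if inactive else "update",
        })
    # Plugins that are in use come first, then alphabetical order.
    return sorted(findings, key=lambda f: (f["action"] != "update", f["name"]))


def main(argv):
    # Pass a file holding the WP-CLI output, or run with no argument
    # to use the constructed sample.
    if len(argv) > 1:
        with open(argv[1]) as handle:
            raw = handle.read()
    else:
        raw = SAMPLE_PLUGINS
    findings = audit_plugins(raw)
    for f in findings:
        print(f"{f['name']}: {f['installed']} -> {f['latest']} ({f['action']})")
    return 1 if findings else 0  # non-zero exit lets a cron job raise an alert


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run on a schedule, the non-zero exit code turns "I'll do that later" into a notification as soon as any plugin falls behind.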

Say Goodbye to WordPress

A complete alternative to rebuilding or working to fortify a WordPress website is to actually just say Peace Out to WordPress and bring your brand to life on ExpressionEngine - the most extensible, customizable content management system (CMS) on the planet. When you’re using the same systems as your competitors, it’s hard to stand out from the crowd. ExpressionEngine frees you from the cookie-cutter approach and lets you create a lane of your own to distance yourself from your competitors.

ExpressionEngine owns a much smaller percentage of the market share - only about 1% of all websites use ExpressionEngine, but its seeming lack of users isn't due to the lack of feature-rich or flexible options. One reason the user rate for ExpressionEngine is so much lower than WordPress is that ExpressionEngine is a tool made for developers. A great developer will listen to what content areas the user wants the ability to self-manage and build the website to accommodate their needs, but ExpressionEngine does not offer the drag and drop interface or a library of downloadable design templates where the user simply inputs their content. 

A new ExpressionEngine instance (translation: each new website) begins with absolutely nothing. Every element, component, and field must be crafted from scratch. ExpressionEngine websites are purpose-built for adding features and functionality on demand. No matter where you want to take your business, you’ll have the right tool to take you there. 

In addition to the robust customizability that ExpressionEngine provides, the risk of being the victim of a malicious cyber attack is significantly less. This is due partially to the fact that hackers simply don't bother trying to hack such a small percentage of websites (the "why catch a goldfish when you could get a giant red snapper" mentality), but the platform also has a collection of high-security features including secure form processing, Captcha, spam protection features, and easily managed user access and permission levels. However, when it comes to security, common sense should always prevail: follow the tips listed above in the Basic Security section and keep the ExpressionEngine platform up to date.


At the end of the day, both WordPress and ExpressionEngine are excellent choices. While we prefer ExpressionEngine overall, we provide expert development services for both WordPress and ExpressionEngine. Getting started on your website development project is easy. Our process is designed to handle unique challenges and develop tailored solutions. 

First, we’ll get together to discuss where you’re currently at and what you need. Schedule a call with us today! Next, we lay out the best solutions and create a game plan to accomplish your goals. Finally, you get the website you’ve always wanted that supports your unique vision.
