If You Want to Get Your Website Hacked, Go with Wordpress

Don't get me wrong.  I don't have anything against Wordpress.  In many ways I like Wordpress, but I was reminded again this last two weeks why you may not want to go with Wordpress.  It is vulnerable to hacking.  I know there would be people that would argue against that.  If you properly setup a Wordpress site you can make it much less vulnerable and we've done that more times than we can count successfully.  The reality is this, however: when you build a website with Wordpress it is like a deer in the forest wearing neon orange.  You can put on a kevlar vest under the neon, but at the end of the day it still wears orange. 


Why you ask?  One simple fact.  Being the must used open source content management system on the market it automatically becomes the biggest target to hackers.  In the last two weeks, I've worked on two sites that we did not build but helped to clean up hacks on.  We are probably approached, on average, by Wordpress site owners 4-6 times a year and asked to help clean up their sites.  In comparison we deal with Concrete5 CMS hacks about once every three years and we work on 10 times the number of Concrete5 sites as we do Wordpress.

Hackers find vulnerabilities in Wordpress and then they just troll the internet looking for sites to hit.  For some hackers it is just a game.  For other hackers, they mean to do harm.  Either way, it can cost you a lot of time and business. 

The architecture of Wordpress in some ways leaves it vulnerable, but in a lot of cases it is the plugins that are added to Wordpress that can cause you the most problems.  If hacking is a concern to you and you are about to build a new website, consider the following:

  1. Use the Concrete5 CMS rather than Wordpress and you'll be more like a deer wearing camo.
  2. Update your Wordpress site regularly and also update your plugins.
  3. Add a challenge box in front of your Wordpress login page. That will reduce the number of brute force attacks on your website.
  4. Make sure database and Wordpress passwords have letters, numbers and upper case letters in them and not guessable.
  5. Install your website on a server that has a firewall that will blacklist users with too many attempted logins.

Let us know if you need help with a Wordpress site or would like to have a concrete5 website built for your business.



For more information about this blog or Concrete5 please contact Jamie Johnson.