WordPress is easy to hack.

Yes, WordPress is known to be easy to hack, and there is a simple reason for that: WordPress is the most popular website CMS in the world.

In 2017 and 2018 I spent a year travelling through South America, and over the Christmas period spent 5 weeks in Medellin, Colombia.  Work was quiet, and without friends and family nearby, I needed to find a way to stay busy (or I was going to end up drinking a lot of their delicious Ron Medellin rum!), so I bought a $19 online course to learn how to hack into websites.  I already had a fairly good idea, but it was a lot easier than I thought.

I won’t go into details, but WordPress websites are almost always hacked through out-of-date software (plugins, themes etc), weak passwords or insecure WordPress website hosting.


Why a hacker does, what a hacker does…

It seems silly, right?  To break into someone’s website for no reason at all.  Well, there is a reason.  Actually, there are a few reasons why websites are hacked:

1. Money

The root of all evil.  Some hackers will get into your website, take it down, then demand a fee to restore it.  Would you negotiate with a hacker?

2. Prestige

There are lots of websites in the hacker community, where the login details and URL of websites are posted to brag.  There is a lot of prestige in hacking a big website, or lots of websites. 

3. “Ethical Hacking”

I’ve come across hackers that are breaking into websites just to teach their owners a lesson.  They claim to be doing a good thing for the internet. 

Many years ago, Kim Dotcom built a very successful business out of this, hacking large websites to get the business’s attention.  Then he’d contract to them to tighten their security.  At a huge hourly rate.

Why is WordPress hacked so often?

WordPress is the most popular website platform on the internet.  If you were writing software to hack into websites, you’d want to hack into the most common platform, right?

Also, WordPress is self-hosted.  Many businesses host their own websites, or agencies host a bunch of websites, and they forget about security, so hackers find a way in. 

What’s even more frightening – even if your website is secure, you could still be hit.  If there is an insecure website on the same server as your website, hackers can get into your website. 


How to stay safe

1. Make sure your software is up to date.

Out-of-date software is the easiest way to get into a website. If you don’t update the plugins and themes on your website, it’s only a matter of time before you’re faced with some serious issues.


2. Don’t reuse passwords

Don’t use the same password for everything.  If someone hacks into your website, and you use the same password for your online banking, you’re in trouble. LastPass is a great piece of (FREE) software to keep your passwords safe and secure; I’ve used it for years and it’s brilliant.

3. Use a secure host

Host your website with a security-conscious host (like us!).  If you don’t have the time or knowledge to keep your website updated and secure, you might need a Fully Managed WordPress Hosting package.



Yes, WordPress websites are likely to be hacked if they’re not looked after, but WordPress is still the most popular website platform on the internet. 32% of the internet is using WordPress as a platform to manage their website, which is more than all of the other platforms put together.

When done right, WordPress IS the best platform for your business.  But it needs to be managed. 

It’s kinda like buying a brand new ute for your business; if you don’t keep it serviced, the repair costs are going to cost you a lot, but if you keep it serviced, it’ll be a reliable truck for a long time.