← Back to all posts

Do You Use Wordpress? 90% Of All Hacks Happen to Wordpress Sites

Category: Create Your Product

Do You Use Wordpress? 90% Of All Hacks Happen to Wordpress Sites
Table of contents
Read time: 5min

It’s a typical day like any other when you get an email from your CMS provider.

The subject line:

Your Data Has Been Breached.

If you run an online business, this means that all of your customer data including their names, addresses and credit card numbers have potentially fallen into the wrong hands.

In extreme cases like with mega-retailer Target in 2013, a data breach can even lead to a lawsuit.

What you might not know is that 90% of all CMS hacks come from one source: Wordpress. According to a recent report on 2018 website hack trends by GoDaddy owned security vendor Sucari, over 90% of all CMS hacks happen on WordPress sites.

The leading cause of infections was “component vulnerabilities” like plugins, themes, and extensions which had not been updated or left backdoors for hackers to exploit. Other culprits include misconfiguration issues and a lack of overall Wordpress security maintenance.

According to the report, “attackers have a high interest in targeting e-commerce websites with valuable customer data, i.e., credit card and user information.” E-commerce sites that use Wordpress have to use plugins or extensions to handle various tasks or integrate with other systems like payment processors. The more systems you have to patch together, the more opportunity there is for hackers.

E-commerce sites are notorious for not updating their plugins and extensions because of the website downtime associated with these updates. Most E-commerce website owners don’t want to risk losing revenue by taking their site offline for even a minute. So, instead of scheduling downtime to update their components, they continue to run out of date plugins or extensions until it's too late.

You must take a proactive approach to protect your CMS and customer data or you are putting your entire business at risk! The big problem with Wordpress is that there is virtually no vetting process for creating a plugin or extension. Anyone can create plugins or extensions, and they don’t have to keep them up to date.

That’s one of the reasons we created Kajabi, so you could have everything you need to create, sell and host your online courses and communities all in one spot - no plugins or extensions necessary.

While components like plugins experience a high level of vulnerability due to not being updated, most of the Wordpress hacks occurred in up to date systems. In fact, 58% of the hacks happened on websites that were running the latest version of Wordpress. Let's look at the 3 most common ways hackers attack your CMS.

The 3 most common tactics, techniques, and procedures used in Wordpress Hacks:

1. Backdoor attacks. Backdoor attacks happen when files are used to reinfect a site to retain access. Backdoor attacks were seen in 68% of Wordpress hacks.

2. Malware. Malware is a catch-all term for browser-side code that creates drive-by downloads on your site. Malware was found in 50% of Wordpress hacks.

3. SEO Spam. Found in 51.3 % of all Wordpress hacks, this type of hack targets a highly ranked website’s SEO to monetize via affiliate marketing or other black hat tactics. 

How can you protect your data from Wordpress hacks?

The easiest way is to move your website off of Wordpress and onto a more secure platform like Kajabi.

But if you insist on using Wordpress here are a few things you can do to keep your CMS safe.

1. Use a strong password and change it monthly. The most essential part of keeping your CMS data safe is to create a strong password that can’t be easily cracked or figured out through a brute force attack. Create a password that is between 7 and 13 letters long which includes a number, symbol, and both capital and lower case letters and change it regularly.

2. Keep WordPress and all components up to date. Make sure to keep Wordpress and all components up to date. Update your themes, and plugins as soon as possible. If you are worried about losing sales while your site is down, update your website during the middle of the night.

3. Keep your server clean. Once you update to a new version of Wordpress be sure to delete the old version from your server. Unused WordPress files, plugins, and extensions can still be targets or provide backdoors for hackers.

4. Only use plugins and extensions from reputable developers that offer support. Before you decide to use a plugin or extensions check out the developer and their reviews. Do they seem reputable? Do they offer user support? If you stick to reputable developers, you can avoid a lot of the headaches that come with using plugins. 

5. Install an SSL certificate on your site. A secure sockets layer (SSL) certificate is used to encrypt all communication between your website and server. Encrypting this data makes it much harder to intercept and will result in a more secure site overall.

Getting your CMS hacked sucks!

In this article, we looked at the new 2018 Website Hack Trends Report put out by Godaddy’s internet security vendor Sucari.

You learned that the leading cause of CMS infections is component vulnerabilities, followed by misconfiguration and lax overall security protocols.

You also learned that keeping your CMS updated is not enough as 58% of all Wordpress hacks happened in the latest version of Wordpress.

The 3 Big Take-Aways:

  • 90% of all CMS hacks happen on Wordpress.
  • The 3 most common tactics for hackers are using backdoors, malware and SEO spam.
  • If you are going to use Wordpress you need to make sure to create a strong password and change it monthly, keep Wordpress and all of your plugins/extensions up to date, keep your server clean, use only reputable plugins that offer support and use an SSL certificate.

Want to avoid 90% of all CMS hacks?

If you’re ready to take full control of your CMS’ security, it’s time to get off of Wordpress and onto Kajabi. When you use Wordpress, you have to figure out how to stitch together multiple systems for things like payment processing, SEO, and email marketing. This leads to vulnerabilities that leave you and your customers at risk.

Be sure to read our Kajabi vs. Wordpress blog post covering the important aspect to consider when evaluating both online course platforms.

With Kajabi there’s only one system. Everything you need to create, host and sell your online courses, memberships or coaching programs is all in one place.

Whether you already have an online course business or you are just starting, using Kajabi as your CMS is the safer and more cost-effective choice.

Check out a FREE 14-day trial of Kajabi here.

Get complete access to our tools, templates, and other assets, so you can fully explore what Kajabi has to offer.

Don’t leave the security of your CMS up to chance. Try a free trial of Kajabi today!


Kajabi Hero Live
Stay in the loop

Get free expert insights and tips to grow your knowledge business sent right to your inbox.

By submitting you agree to receive our monthly Knowledge Economy Newsletter as well as other promotional emails from Kajabi. You may withdraw your consent at any time via the “Unsubscribe” link in any email or view our privacy policy at any time.
Oops! Something went wrong while submitting the form.
Try Kajabi free for 14 days.
Since we’re both serious about your business, let’s make it official.
Start free trial