How to Get your Website Hacked

Have you ever worked hard at something only to have it all ruined in an instant?

I have and I’ve seen it happen to countless others.

WordPress Websites are Easy Targets

The WordPress software is no different from any other web publishing platform. No one is 100% secure, especially when you add 3rd party scripts such as themes and plugins into the mix.

There will always be opportunities for hackers and spammers to gain access to your site.

And because WordPress now powers over 20% of all websites online, it’s naturally a valid target.

There are ways to make it easy for hackers and spammers to gain control of your site, and there are many ways to mitigate these risks.

How to Make WordPress Insecure and get your Website Hacked

Use the cheapest web hosting company you can find

Inexpensive hosts are probably laser-focused on high security standards.

They likely invest all their extra cash into going the extra mile in securing their hosting environments.

Use an easy to remember password for your hosting account

Let’s face it. Strong passwords are tough to remember.

Just use your birth date, your social security number, or your address.

Use a very simple password

Why not make it even easier to remember by using something simple like 123456?

Easy to remember and simple to type.

Host dozens of sites on the same shared hosting account

If you’re developing site for clients, why not host their sites on your own shared hosting cPanel account as Addon domains?

You can charge them an arm and a leg each month for “premium managed hosting”.

And don’t worry if one site gets hacked, the others on the same account will be perfectly safe and not hacked immediately as well.

Use a simple WordPress Admin password

You’ve just created a site for your client and it’s time to give them Administrator access.

Make sure you follow the password guidelines above and make their Admin account password really super simple for them.

Don’t install any security plugins

Security plugins are all the rage these days, but you don’t need to worry about using any of these.

Why limit the number of login attempts or change the login url to something custom?

Why would anyone want to hack your non-profit site and redirect all the links to their own porn advertisements anyway?

Do install scripts on the same hosting account that you don’t trust

Maybe you like to test 3rdy party scripts that reside on the same server as your WordPress-powered business website.

Graphics creators, forums, experimental CRM systems from new developers and more.

After all, if you have the server space, why not fill it up to make sure you save every penny you can?

Ignore All of the Above

Obviously the list above was meant as sarcasm and you shouldn’t do any of those things.

But you knew that.

I made that list because it’s some of the lessons I’ve had to learn the hard way myself and the short list of the things I check when working with clients.

Keeping your Website Business Secure Should Be a #1 Priority

There are many ways to keep your business website secure and mitigate any hacking or spam attacks against your site.

It all comes down to whether or not your willing to take a few decisive steps and a little extra time and attention to implementing some baseline security standards.

There are numerous tutorials and articles on how to secure your website.

Reading this security tutorial from SiteGround is a great place to start and offers some easy to use methods and techniques.


Photo by Martin Cathrae