WordPress is the reigning king of easy-to-use web content management. As of 2011, WordPress was the content management system used by a whopping 22% of all new websites and 14.7% of the top 1 million sites. Many big-name sites use WordPress because of its ease of use and its flexibility through the plugin system. Along with all of this popularity, WordPress has also become a target for hacking.
The threat of hacking is a fact of life of having a presence online. Hackers write programs that monitor the web for unmaintained websites and attempt to gain access to them. This past week hacking became all too real for Apple as their iTunes development center was hacked.
High-profile sites such as Apple Dev Center and the Department of Defense will attract special attention from hackers. The majority of sites don’t need to worry about this level of hacking because they are not managing millions of credit card numbers or military secrets. The three primary reasons hackers target low-profile sites are:
- Turn the site into a bot for sending spam or launching distributed denial-of-service (DDoS) attacks
- Add links to the site to influence search engine rankings
- Name recognition for the hackers
While none of these types of hacks is usually detrimental by itself, they can harm your reputation or result in your site being shut down completely by your web host. We’ve talked before about how to protect your WordPress site from hacking. But since that time there has been a large increase in hacking attempts on WordPress sites. The majority of these attempts come in the form of brute-force password attempts on the default ‘admin’ WordPress account. Below is a log from one of our sites where you can see over 7,000 recent login attempts using the admin account where the password supplied failed. On this site we block the IP address that is trying to access the site after 5 failed attempts. What we have seen is that there are thousands of IPs out there constantly trying to gain access to sites.
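The block-after-5-failures rule described above can be sketched as a small log analysis. This is an added example, not the code or the log from our site: the log line format, the `analyze` function and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed line format (constructed for this example, not a real plugin's log):
#   <ISO timestamp> <client IP> user=<login name> result=<OK|FAILED>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAILED)$"
)
MAX_FAILURES = 5  # the post blocks an IP after 5 failed attempts


def analyze(lines, max_failures=MAX_FAILURES):
    """Return (blocked, targeted): blocked maps IP -> timestamp of the
    failure that triggered the block; targeted counts failed logins per user."""
    failures = defaultdict(int)
    blocked = {}
    targeted = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip blank or malformed lines instead of crashing
        ip = m["ip"]
        if ip in blocked or m["result"] != "FAILED":
            continue  # a blocked IP never reaches the login form again
        failures[ip] += 1
        targeted[m["user"]] += 1
        if failures[ip] >= max_failures:
            blocked[ip] = m["ts"]
    return blocked, targeted


# Constructed sample log; addresses come from documentation-only ranges.
SAMPLE_LOG = [
    f"2013-07-25T10:00:0{i}Z 203.0.113.7 user=admin result=FAILED" for i in range(7)
] + [
    "2013-07-25T10:01:00Z 198.51.100.20 user=editor result=FAILED",
    "2013-07-25T10:01:05Z 198.51.100.20 user=editor result=OK",
    "garbage line",
    "2013-07-25T10:02:00Z 192.0.2.9 user=admin result=FAILED",
]

if __name__ == "__main__":
    blocked, targeted = analyze(SAMPLE_LOG)
    for ip, ts in blocked.items():
        print(f"block {ip} (failure #{MAX_FAILURES} at {ts})")
    print("most targeted accounts:", targeted.most_common(3))
```

The per-user tally makes it easy to see how much of the failed traffic is aimed at the default ‘admin’ account.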
These rudimentary hacking attempts are looking to gain access to sites that are not actively managed. Right now they can be easily deterred by simply maintaining your site and monitoring for hacking attempts. Speak to your web host to see what types of WordPress security plans they offer. And if they don’t offer any, look for a host that does or call us.