Why is your WordPress Security always under fire?
WordPress is the safest and most popular content management system (CMS). There is no doubt about this. However, the truth is that all sites are targets for hackers, so nobody is immune. Even a fresh install of WordPress with nothing on it and no traffic is still under a significant amount of danger. We talked about this in this post: Identified as New WP under 30 min (August 3, 2017).
When you start any WordPress Security and Monitoring after different events, you'll notice the sheer amount of bombardment that your site gets. Any and every website is a target, no matter how teeny-tiny or colossal. The reason is that WordPress itself is such a popular CMS that it's a natural target. Hackers can develop a program, typically described as a bot or hackbot, that automatically and methodically scans for security holes and attacks several thousand sites simultaneously. The more sites that can be scanned and attacked, the higher the potential success rate for the hacker.
So why would any hacker consider your precious website worthy of their time, attention and resources? In general, there are two primary reasons why any site is hacked: money and hacktivism (ruining a site for political reasons, such as to show support for a specific political party or to influence a group of people, called social change). For hackers, targeting WordPress resembles hitting a skyscraper-sized bullseye in a game of paintball. It is almost certain that you could splatter that target with paint over and over, even from a country or continent away.
WordPress now powers 33% of all websites on the web, according to W3Techs. It is also the largest share of sites using a CMS: 60%, to be exact. This means there are hundreds of millions of sites that hackers can target. It really is all about the mathematics, and not your WordPress Security.
Smaller, less popular websites are an especially perfect choice for hackers because they're less likely to be secured, considering that many owners of these sites might not understand that they're really a larger target. On the other hand, larger, heavily secured sites are still a target, since there's a greater audience readily available for hackers to exploit and profit from, if they can manage to bypass the website's defences.
It is essential to recognize that while WordPress is safe and secure when it's kept updated, no website is invulnerable to infiltration 100% of the time. For example, WordPress version 4.7.3 covered 6 XSS vulnerabilities in the REST API that might enable hackers to inject code into any WordPress site. It affected over 1.5 million sites according to Wordfence. Sucuri at first reported that approximately 67,000 WordPress websites were hacked and ruined by different hackers due to the discovered security hole. Once a patch was released, over one million sites weren't upgraded right away, which led to them being hacked.
The American Economic Association reported that businesses and consumers lose $20 billion annually due to spam (scams and phishing campaigns). According to an older (2016) WordPress Security report by Sucuri, 100% of the sites that were sampled were eventually hacked in order to exploit them for profit, while 4% of them were concurrently used for hacktivism.