WordPress Security Threats

WordPress Security Threats to Small Business

A multitude of WordPress security threats affect small businesses every day. In an age of increasing cyber attacks, every company is vulnerable and no company is too small of a target.

"...71% of the 30,000 malware attacks which occur daily
happen to businesses with less than 100 employees."
Source: Alliance IT

Professional hackers don't target you for who you are... They simply sweep across the web looking for vulnerable targets and then they swoop in. Hackers are getting more sophisticated and the variety of ways they assault your website are always expanding and improving. There are countless examples of this, with new cyber attacks being reported every day.

(Want to skip straight to solutions? Go to our WordPress Security Solutions page.)

Not sure if your website is a WordPress website? Find out what platform your website uses by  entering your web address at
WhatCMS.org

The Nature of Security Threats to WordPress Websites

  • Ransomware attacks are in the news frequently and they're becoming more common every day for companies of all sizes, big and small. In a ransomware attack, hackers hijack and disable your website, holding it hostage in an attempt to extort money from you. And ransomware hackers have become smarter in recent years... They no longer demand tens of millions of dollars from everyone; just from mega companies. But they have figured out that small businesses will often pay $10-20,000, or even just a few thousand dollars, in order to regain control of their website. Don't get ransomed; Get website security!
  • Code injection attacks such as cross scripting attacks (XSS attacks) insert hidden, malicious code on your website that stealthily hijacks links on your website. These nefarious links look normal and harmless, but when clicked, they send your website visitors to gambling websites, porn sites, sites promoting ED meds or for things like scam websites for alleged cures for COVID-19 or cures for just about anything. They can also hijack your search engine listings and steal traffic that should be going to you. Google can ban or demote your website when it gets hijacked like this because basically, your website becomes associated with bad links.
  • Brute force attacks probe hundreds of thousands of websites every day using millions of computer generated username & password combinations trying to break in through your login page. Our security reports show evidence almost every week of attempted brute force attacks against our own site or against client websites. Small business WordPress websites without good security have a special problem... all WordPress websites default to a login page with the same name (https://yourdomain.com/wp-admin/). Because of this universal login page location, these brute force attackers have easy place to start... unless you implement security provisions to change the location of your WordPress login.
  • Malware can be hidden in any email you receive or in any link submitted entered on your website contact form.
  • SERP Hijacking pirates your Google search results so when people think they're clicking to your website from the search results, they're instead sent to other sites like fake pharmacy sites, porn sites, online gambling sites, nefarious loan sites, etc. This is very common and poses 4 big problems for your company...
    1. SERP hijacking is difficult to detect and they can often go undiscovered for months.
    2. You can lose significant traffic from your highly ranked search results that should be sending you great traffic.
    3. You can take a big hit to your reputation... What will your potential customers think about you if they get sent to a porn site when they click on your company in the search results? Will you ever get a second chance from them? What if they come back and try you again in 3 weeks and they get the same result? You've lost that opportunity!
    4. You can get sanctioned by Google and removed from search results for allowing this to happen and allowing it to persist.
  • Parasite Hosting - Some code injection attacks result in hackers installing new pages on your website that are well hidden and hard to detect. These sites are, inevitably, undesirable and can lead your website visitors to undesirable places.

Learn about WordPress Security Solutions.

WordPress Security Pros Discuss Website Hacking

This 10 minute video by two of the biggest companies in web hosting and security is very informative and well worth watching. We don't expect you to be an expert, but at a minimum, you need to be aware of the security threat out there. If you want your website to be safe from hackers, then you have to know what to look for! So spend a few minutes to watch this video and then get in touch with us to discuss your website security!