Conceptual Creative

The Most Common Attacks On WordPress Websites


WordPress, like many platforms, is prone to attack. Here are the most common attacks on WordPress.

WordPress is a highly popular platform and with such a large market share it is a target for hackers. As with anything that is popular it becomes a target because there are so many opportunities in the marketplace.

Many people like to claim that WordPress is a target because it's not secure; however, this simply isn't the case. Just like the Windows operating system on computers, WordPress has a large user base, and it is this large user base that makes it a target.

During one of the worst security breaches for WordPress, over 18 million WordPress users were reportedly affected. Data shows that around 73% of well-known WordPress-powered websites have vulnerabilities.

What this generally means is that the owners of those sites have either not kept their websites up to date or have made poor choices during the build process or during the security hardening process.

In most cases the common attack types on WordPress sites can be effectively combated and prevented. Let’s look at these key problems and how you can best combat them.

Plugin Vulnerabilities

Most WordPress websites rely heavily on plugins to add functionality to the site. WordPress was designed to be scalable and by nature relies on third-party developers to create and maintain a range of plugins that you can use on your website.

This reliance on plugins is one of the reasons WordPress is so popular, but it is also one of its largest security vulnerabilities. Plugins are generally written with good intentions, but often small code-related issues cause a plugin to have a weakness.

On average, anywhere between 50% and 60% of all WordPress-related attacks can be attributed to plugins. This is due to 2 key points:

  • The developer has nefarious intentions – Where an opportunity exists there are always those who will exploit it, and whilst 99% of plugin developers are not like this, some are.
  • The plugin has a code vulnerability – Hackers intentionally look for small pieces of code that create an opportunity to bypass the security of the website.

In order to prevent this style of attack you simply need to try and follow these couple of rules and you will be less likely to be successfully attacked.

Update Your Plugins Regularly – By updating your plugins on your website on a regular basis (at least weekly) you will be mitigating your risk of being hacked.

Use A Security Plugin – Install a security plugin that will help to identify the vulnerabilities and protect you to a point from exploits for those plugins. 

Avoid Using Abandoned / Old Plugins – When you're looking for a plugin to use on your website, take a look at when it was last updated. Is the plugin updated by the developer regularly? If the plugin has not been updated in the last 12 months then there is a major risk it could be vulnerable.

Brute Force Attacks

The next most common attack faced by WordPress users is the brute force attack. In a brute force attack a hacker will most likely leverage a small piece of software that makes hundreds or even thousands of password guesses to try and forcibly access your system.

This leads back to making sure that you have a good strong password and login credentials. Believe it or not, one of the worst habits users have is to use easily guessable usernames such as admin, test, or administrator. Aside from easy-to-guess usernames, the next issue is using poorly constructed passwords such as 12345, letmein and password.

We recommend making sure you utilise a strong password that contains a good mix of uppercase and lowercase characters, numbers and symbols. An example of a good secure password could be AjM45$hit89%#. Of course, don't use that password; go ahead and try making your own, or use a website to help you generate a strong password. One such tool you could use is or you could use the built-in password generator that comes with WordPress itself.

You can always strengthen your login security by adding two-factor authentication such as Google Authentication. Two-factor authentication will make brute force attacks on your website close to impossible to complete.

WordPress Core Vulnerabilities

Just like it is important to make sure your plugins are up to date it is also critical to make sure WordPress itself is up to date. We know that WordPress itself can be just as vulnerable as the plugins and themes it uses and that’s why you should also make sure your WordPress installation is running the latest version.

Hackers are always looking for the holy grail of WordPress weaknesses: vulnerabilities in the WordPress core system. Any vulnerability in the core opens up the potential to attack every WordPress site running the same version.

Fortunately for us the WordPress development team and community are regularly patching and fixing minor and major vulnerabilities. This means each time a new version of WordPress is released any bugs and exploits that are known are typically patched or fixed.

If we could give you one key takeaway from this article, it is to make sure everything is brought up to date at least weekly. This includes all plugins, the WordPress core and any themes used.

Malware, Phishing and DDoS Attacks

This is not a WordPress specific issue and can affect websites of almost every type. 

Malware for a website is much like malware for computer software in that it is a small piece of software that creates a vulnerability or backdoor into your website.

Phishing, in regard to a website, is where additional content that impersonates other websites is added in hidden places on your site. The most common sites impersonated are banks, government departments and billing software platforms. A phishing attack on your website hurts your website's reputation and the reputation of the server it's hosted on, and can lead to being blacklisted by search engines and security companies globally.

DDoS attacks, or Distributed Denial of Service attacks, are where a hacker effectively sends so much fake traffic to your website that your hosting server can't cope and shuts down or crashes. This disruption to your services usually comes from a connected network of already compromised websites and computers that all attack your website at the same time. Such a network is also known as a botnet.

To mitigate your risk we recommend utilising good quality hosting and scanning your site regularly for malware. You can scan your website for common security issues using the Sucuri Sitecheck tool. We also recommend installing security plugins on your website such as Sucuri or WordFence, both of which are available on the WordPress repository.


Make sure you follow some basic common sense practices when it comes to securing and protecting your website investment. Yes, keeping on top of security and maintenance for your website can be time consuming. If you don't have the time, you can always look at website designers or developers who have care and maintenance plans that will look after this for you.



©2020 Conceptual Creative Pty Ltd, All rights reserved.
