Do WordPress websites always get hacked and why?

You may often hear news about WordPress websites getting hacked and wonder why anyone would bother building their website on such an unsafe platform. If hacks are so common, WordPress must be particularly vulnerable to hackers, right? No. WordPress is no more vulnerable than any other platform when built and maintained correctly.

WordPress has highest market share

One of the main reasons you so often hear about WordPress sites being hacked is because there are so many of them! WordPress is the most popular content management system (CMS) in the world, with more than 60% market share (that’s 27 million of websites running on WordPress!) So, if hackers carry out their attacks equally across the web, there is a one in three chance that the hack will hit a WordPress site.

Screenshot of WordPress usage statistics
WordPress usage statistics as of 10 Nov 2020. Source

WordPress is available to everyone

Another factor in WordPress hacks is that the WordPress software is open source and free. It is easily accessible, and many people decide to start a website as a hobby or to “play around” with web design. They don’t pay a lot of attention to security – many people don’t even know to change the default “admin” username, which is probably the first thing a hacker will try.

A lot of these sites get abandoned. When people start building a site as a side project or hobby and then forget about it and stop maintaining it, the outdated software and plugins make it easy for hackers to access it.

Lack of maintenance

This isn’t always the case, of course. Many WordPress users build sites fully intending to use them as a foundation for their business. But again, because WordPress is open source and known for its ease of use, many site owners don’t think they need help, even if they have no experience with website building and maintenance. Others hire developers to create their websites, but that developer goes out of business or is too busy with other projects to offer help. 

Not picking the right hosting service provider

Web hosting plays a role in website security as well. WordPress sites, like all websites, must be hosted on a web server, and there are many hosting companies to choose from – but not all are created equal. Some platforms are less secure than others, and a WordPress site hosted on an insecure platform is more vulnerable to hackers.

So is it safe to use WordPress?

100% yes! When built and maintained correctly, WordPress is a safe and powerful choice of content management systems for your website. With its huge community of developers, you can be rest assured that WordPress will continue to be maintained and improved for many years to come!

We have hundreds of WordPress websites under our care and there had been zero incident so far. If your website runs on WordPress and you are worried about your website’s security, have a look at our WebSifu Plus Maintenance and Hosting Plan or get in touch with us and we’ll be happy to tell you more!

Picture of Dean Loh
Dean Loh
Dean's been in the web game since way back in 2000, surviving the Y2K scare and riding the rollercoaster of the Internet's ups and downs. He still gets a kick out of building websites, but these days, he's all about keeping them safe and sound. That's why he started WebSifu - protecting websites is where it's at for him now!

Ready to choose happiness?

There’s a reason you ended up here today; we dare say it wasn’t just because you had some free time to click around. You likely have a problem that needs solving, and in searching for a solution, you found us. We hope to be the solution you’re looking for!

Switching to WebSifu is a breeze! It all starts with your decision to choose happiness, and from there, we handle everything else. That includes reaching out to your current vendors – your hosting provider, your domain name provider, and even your developer – to seamlessly transition the management of your website to us.

Still not sure? Go ahead and have a chat with us!