Why Was My WordPress Website Hacked?

Why was my WordPress website hacked; it’s often an issue with the security that leaves the door open for the burglars to get in.

Hackers are burglars; they are usually trying to gain momentary benefit from hacking your website. If you aren’t keeping a constant eye on it, you stand to lose a lot more than just your money and it won’t happen to me as I am just a small business unfortunately just won’t cut it. This is a worldwide problem that is not limited to the rich and famous, your identity is valuable and can be sold.

Why Was My WordPress Website Hacked? Is a common question.

3 most common ways that hackers can hack into your WordPress site include:

  • Security breaches in 3rd party plugins
  • Non-secure passwords and logins
  • Old, unattended sites

Security Breaches in 3rd Party Plugins

Plugins are the little programs that help to run your website

All plugins available on WordPress are third party program, which means someone else (not WordPress wrote the code to plugin). Plugins are the little programs that help to run your website, make the forms work, the social media button, let you see your analytics etc.

Any plugins that you install on your website are 3rd party and carry some amount of the risk of your website being hacked. Don’t get me wrong plugins are awesome and can make your life so much easier and your website run really well with all the bells and whistles, however be aware that you are letting a stranger knock at your door and you need to run a few checks before inviting them in and letting them contribute to the functionality of your website.

How to check the creditability of a plugin before downloading:

  • Good reviews from other users
  • Regularly updated
  • Has been downloaded a lot

If your plugin ticks these boxes, then you will be ok and you can be sure of its authenticity and safety. Remember you must keep your plugins updated to protect your website..

Non-secure Passwords and Logins

Do you use the same password for everything?

Is it something obvious or easy to guess?

Change it now!

Brute force is one the hackers favourite ways to try and get into your website and a weak password is like leaving the door open. Make sure you don’t use the default “admin” as your login name either.

According to The Telegraph in the UK, the most common passwords still are not very strong.

  • 123456
  • 123456789
  • qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • password

A lot of software and websites are now forcing you to have stronger passwords by making you have a Capital letter, a number and a special character; yes it’s a pain in the butt however it might just save your ASS! You should make it a blanket rule to uses these type of passwords (PASSWORDS plural – not the same one for everything).

Old Unattended Sites

If you aren’t keeping an eye on your website, someone else will be and for all the wrong reasons. If you are unaware of the health of your website you won’t know something is wrong until its really, really wrong.

Here are some common tell-tale signs of a site being hacked that you won’t pick up unless you regularly check your website:

  • Malware warning popups
  • Your website disappears
  • The website loads really slow or just crashes
  • Your website redirects
  • Extra links or your site is covered in ads to unrelated products
  • Hacker code left behind – gibberish text at the bottom or top of the page
  • Emails being sent to spam
  • Lots of undelivered emails to addresses you don’t know.


There are plenty of other ways that are less obvious and could be damaging your site or mean your site is being used to forward on harmful information.

To minimise your WordPress website being hacked

Make sure it is backed up and kept your website up to date, have a reputable security system installed and follow the information in this article. Have you upgraded to HTTPS for you website, that is another great way to help protect your website, read our HTTPS article for more information?

Need help? Contact Cathy and the team at CATCO Enterprises.