Copy & Paste FAQ: How did my WordPress site get hacked?

This is part of an ongoing series of FAQ questions that web designers can copy and paste into their website to help save time answering common customer support questions.

Q: How did my WordPress site get hacked?

A: When your website gets ‘hacked’, it’s a very unfortunate event and a confusing time for you. This FAQ should help shed some light on what happened and how you can avoid it in the future.

The first things you need to know are that, more than likely, you didn’t do anything majorly wrong and the ‘hackers’ probably weren’t targeting you (or your website) personally.

The terms ‘hacked’ and ‘hackers’ are used a lot by the media to scare people and can refer to a lot of different things.

There are different degrees of ‘hacked’ – for example, a ‘hacked’ website could simply include a link to another website that the actual website owner did not put there. In more serious cases, a ‘hacked’ website could be completely erased.

A ‘hacker’ usually isn’t a person who sits in a dark government room in a third world country, surrounded by computers, furiously pounding away at a keyboard trying to break into your website. It’s usually a simple program that someone wrote which automatically visits websites around the internet looking for exploitable flaws in various software and plugins.

The website we created for you includes various security measures (such as brute-force protection, two-factor authentication, etc.) which go a long way to help keep a site secure. However, if the theme and plugins on your site aren’t being kept up to date, it is still very possible for a ‘hacker’ to find their way into the site.

Out-of-date WordPress plugins are the most common reason a WordPress site gets hacked.

Many experts go so far as to state the most important thing you can do to keep your WordPress site safe is to keep your WordPress plugins up to date.

Not only does the latest version of a plugin provide enhanced features, it is also more secure. WordPress plugin developers are constantly searching for and fixing security vulnerabilities. ‘Hackers’, on the other hand, are constantly looking for sites that have any type of vulnerability because it makes them an easy target.

It doesn’t matter how long a website has been up and running: if there are out-of-date plugins on the site, the site is at a greater risk of being hacked.