You’ve all heard a horror story of sites being hacked. I read on Forbes that something like 30,000 sites a day show up distributing malicious code. And WordPress is always at a hot center of this debate.
Why is WordPress so Heavily Targeted
The short answer? Because it’s very popular.
WordPress’ ease of use allowed many non-experienced users to build and manage their own website. All well and good, but because of the lack of experience and technical knowledge these users have they fail to keep their WordPress website secure. This makes WordPress websites an easy target, and because of this, WordPress websites in general tend to be a common target of malicious hack attempts.
Put yourself in the mindset of a hacker for just a second. If you want to take over a lot of websites for your own nefarious purposes, are you going to spend all of your time trying to find vulnerabilities on a platform used by 500 websites, or are you going to try to break the platform with hundreds of millions of sites? Because WordPress is so widely used, it’s an incredibly popular target for hackers.
Even though the WordPress core is usually very secure, WordPress is also a modular platform – it can be extended in any number of ways with themes and plugins. Because anyone can write tools for WordPress, it’s possible that not all extensions live up to the same code review standards as the WordPress core. It’s possible for a very popular plugin to have security flaws that can impact thousands of WordPress sites all at once.
Because of its popularity, WordPress is an extremely popular platform for hackers and security researchers alike.