Reason Why Websites Get Hacked
Most common misconception about why websites get hacked where website owners often believe they won’t get hacked because their sites are smaller, and therefore make less attractive targets.
Hackers may choose bigger sites if they want to steal information or sabotage. For their other goals (which are more common), any small site is valuable enough. Various goal when hacking website are mainly:
- Exploiting site visitors
- Stealing information stored on the server
- Tricking bots and crawlers (black-hat SEO)
- Abusing server resources
- Pure hooliganism (defacement)
Read more at https://sucuri.net/guides/website-security/
Update Theme and Plugins to Latest Version
Always have the latest versions of theme and plugin(s). When you use outdated versions of plugins, themes, or WordPress on your WordPress site, you run the risk of having known exploits on your website. The most common cause of hacked WordPress websites is a vulnerable plugin or theme that has no patch applied. This means most flaws are exploited. AFTER the vulnerability was patched. Keeping software up-to-date is critical to any WordPress security strategy (more on updates later). Because updates don’t just fix bugs and add new features. This includes critical security updates.
Delete Unused Plugins
If you have an unused plugin(s), delete it! Even though it is not activated. Aside from affecting the security of your website, it also consumes hosting disk space. Don’t use “nulled” theme or plugin(s). Use theme and plugin(s) from verified sources with frequent updates.
How to check if the plugin is always updated by the developers?
From the image below you can view the plugin "Last Updated" details just right bottom of the "Install Now" button.
Used a Security Plugin
Monitor your website with Sucuri, has WAF Protection (Defend your site againts hacks and DDos attacks, Malware Removal, Premium Responses SLAs, CDN). Check out Sucuri and their SiteCheck is free to use for any known malware, viruses, website errors, out-of-date software.
Get Google reCaptcha
Install a Google reCAPTCHA plugin on your WordPress site. On your login, register and any other forms, to stop automated bots from accessing and spamming with new accounts registration. You can register your Google reCaptcha here.
Get notified immediately on vulnerable plugins affected.
WordPress websites are most commonly hacked because of vulnerable plugins and themes. WPScan’s weekly WordPress Vulnerability Report includes recent WordPress plugin, theme, and core vulnerabilities, as well as what to do if your website uses one of the vulnerable plugins or themes.
Enhanced with WordPress Toolkit
You can apply the following measures to improve the security of your WordPress websites. Note that some security measures can be reverted, while some cannot. We recommend that you back up your website before securing your WordPress website.