Why Would a Malicious Hacker Target Your WordPress?

Last updated on February 18th, 2017 by Robert Abela. Filed under WordPress Security

Hacking WordPress websites for fun and profitWe’ve all heard it on the news; hackers want to hack websites to steal credit card and confidential user information for their own financial gains. So why on earth would anyone want to hack into your hobby WordPress website about cute little kittens, or your small business website, even when it does not hold any sensitive information?

The hacking to steal credit card information mantra is quite old now, and although it still happens, there are many other reasons why malicious hackers hack websites, and why your WordPress website about cute little kittens is still as much of a target as other popular websites.

Why Are Websites Hacked?

The following are just a few reasons of why malicious hackers are always on the lookout for vulnerable websites to hack.

Hacking for Bandwidth

Bandwidth is expensive, especially when transferring terabytes of data every day. Hackers target any website, WordPress or not, to use its bandwidth. Such bandwidth is typically used and also resold to generate profit and is typically used for VoIP, torrents and other similar traffic.

Hacking To Store Illegal Files & Malicious Software (Malware, Adware etc)

hacking to store malicious filesTorrents, malware, stolen confidential data and other illegal content such as child pornography are the order of the day on the internet. Though no one wants to store or get caught with such data on their computer. Malicious hackers hack into websites and web servers to store such content on them. When websites are hacked for such purpose, it is common for the administrators to not notice that their website was hacked, since the performance of their websites and servers is not affected. The only obvious indication would be a spike in bandwidth usage.

Hacking To Use Websites as Stepping Stones and Bots

Malicious hackers use public Wi-Fi’s, VPNs, TOR networks, proxies and other similar solutions to launch hack attacks and also ensure their activity cannot be traced back. They also hack websites and use them as a stepping stone to launch further attacks against other targets; use them as bots, which typically form part of a huge network and are used during large scale DDOS and other type of malicious attacks.

Hacking Websites for Black Hat SEO & Marketing

Hackers hack WordPress websites for Black Hat SEO purposesThe target of all Website owners and marketers is to rank as high as possible in search engine results (SERP). While the majority do their best and use legitimate means to improve the ranking of their websites, a few tend to turn to black hat SEO techniques. This typically includes the hacking of other websites on which links and keywords are embedded for the benefit of others. Malicious hackers do make a profit from selling such services.

Hacking for Industrial and Other Type of Espionage

This might sound like something from the Jason Bourne movies, though it does happen for real. It happens in politics, between governments and countries, and in all other type of industry vertical. Your cute little kittens website might not be the one which is hacked for industrial espionage, but it might be hacked to aid such activity.

Hacking for Hactivism

The internet allows everyone to post whatever they want, freedom of speech at its best! Nowadays every politician, political party or movement has a website. Though not everyone agrees with the messages on such websites. Therefore many also hack for hactivism, to show the world that they do not support the message the website is promoting. Hacking groups such as anonymous are notoriously known for hacktivist attacks.


WordPress is Heavily Targeted

WordPress’ ease of use allowed many non experienced users to build and manage their own website. All well and good, but because of the lack of experience and technical knowledge these users have they fail to keep their WordPress website secure. This makes WordPress websites an easy target, and because of this, WordPress websites in general tend to be a common target of malicious hack attempts.

Hacking for Fun, to Learn and as a Challenge

Hacking is challenging and fun! Many hack because they enjoy it, they see it as a challenge and as an achievement. There is a lot to learn from hacking and many resort to it because they have an urge to understand how things work. Many do it for a living and work as ethical hackers, but like in everything else, many practise it illegally.

Your WordPress Website is a Target

Your website will always be a targetThe above are just a few of the reasons why malicious hackers are always searching for vulnerable websites to hack into. For them it does not matter if the target is a WordPress website or not, or if it is about cute little kittens or cycling. As long as it is vulnerable and it has something they can profit from, they will go for it. For example many have already taken advantage of the late REST API vulnerability in WordPress and within a few hours more than 1.5 million WordPress websites were hacked (ref ThreatPost).

As a website owner make sure to ALWAYS take WordPress security seriously because once a website is online, it is a target! Read How to Identify a Hacked WordPress website for some tips on what to lookout for when running a WordPress website, and to ensure you can identify a WordPress hack at the earliest possible.

WordPress Hosting, Firewall and Backup

This Website is:

One comment

Prajwol 23/02/2017

Thanks, Robert, for your useful and informative post. I still didn’t know about this now I am updating my site to WordPress version 4.7.2.

Leave a Reply

Your email address will not be published. Required fields are marked *