5 Steps to Guarantee Your WordPress site will be Hacked. Soon.

August 13, 2012   ·   By   ·   7 Comments   ·   Posted in Security, Wordpress

It was pointed out to me recently that we’ve been pretty discriminatory here on the blog recently, assuming that people want to avoid getting hacked. What about the people who *want* to be hacked? Maybe you’re interested in hearing about the political leanings of web savvy (and morally undeveloped) youth. Maybe you enjoy the thrill of the chase in figuring out how a hacker got in. Maybe you’re just lazy. Whatever the case, here are 5 steps you can take today (or just not worry about fixing) to put yourself at risk:

  1. Don’t Worry About Updates

    After all, updates can break your site, right? Just ignore them. Plugin updates, theme updates, core updates. Heck – even updates to your FTP client or operating system – they can all wait.

  2. Install Plugins and Themes from Anywhere

    This theme has encrypted code in the footer to prevent the author’s “Real Estate Miami” link from being removed? That’s a sign of professionalism and quality. Use it.

  3. Use Weak Usernames/Passwords

    No one is going to guess that your password is “Password”. Maybe “123456″ is just the password you always use so you can remember it. What are the odds that somebody is going to check your little corner of the web and try the password?

  4. Host all 97 of your sites as addon domains

    Reseller hosting is for suckers, and anything more than $10/month for hosting is highway robbery. Having all of your sites accessible via one FTP login is so convenient it’s worth the risk.

  5. Don’t worry about backups.

    Logically, this won’t make you less secure. But according to logic, the toast you drop in the morning should land butter side up 50% of the time. We all know it’s butter down every. Single. Time. Somehow, a site without backups is just more likely to get hacked.

Yes, this is all terrible advice. Over the next week or so, we’ll be putting out a post on each one of these topics – why they’re a problem, and what you can do to solve them – so check back! In the meantime, I’d love to hear more tips on how people (inadvertently) make their sites less secure – share in the comments!

  1. Haha Peter, Awesome advice…. ….not! :o )

  2. Yikes. I have been pretty lazy with those updates, and totally oblivious to the fact that I could be creating trouble for myself! I’m such a complete novice, that I avoid those updates because it takes active (technological) brain cells, on my part. You have helped me so much with your posts and with blogging 101. Please keep it up.
    ~ Carolyn

  3. Bob

    This is indeed terrible advice- i will make sure not to follow any of it – thanks!

  4. Lol! I love the sarcasm in this post!

  5. Know what NOT to do can be just as important as what to do!

    Here are 2 related tips to help get your account hacked:

    1. Give out your username and passwords. After all, if someone is going to work on your site for you, they need access. Sometimes it just takes too long to add a new user.

    2. OK – Heaven forbid you actually DO create a new account for a contractor, you might as well leave that account active long after the work is complete. After all, you never know if you will use that person again in the future! It is too much work to have to recreate an account a second time.

    Thanks for the post!

  6. hi peter, im one of your client, so if you had any reference, regarding wordpress templates, which of the sites that we can download the wp templates that is the safest from hacker ?
    do you have any reference site?

  7. Ok , i’ll change my password from 123456 to 654321
    Useful post , Thank you

Submit a Comment