Wordpress is an extremely popular open source content management system which is for blogging but also as a core business website. Wordpress is a great CMS and has tons of features and plugins but being open source it also means that anyone can download it and view the source code including hackers. Most people install Wordpress through their hosting company which may be offered as a "one-click-install" using Fantastico or Simple Scripts which makes it very easy. However, what most of people dont know is that that Wordpress is such a targeted platform by hackers who know all the security vulnerabilities and can explore them. Most people are not tech savy when it comes to dealing with Wordpress as it was installed from a third party website so they get stuck and end up with only headaches.
Most common hacking problems:
- Weak Passwords
- Outdated WP version
- Being on a shared hosting
- Incorrect File Permissions
- Untested or Buggy Plugin-ins
- MySQL Injections
- FTP hacking
And the list goes on and on as hackers always find loopholes to dig in. The funny thing is that these hackers do it for the fun of the game not to really do any harm but its embarrassing to a business when a customer goes to the homepage to find a hackers message.
So what to do if your Wordpress is hacked ?
First, this to do is change all of your passwords including server and FTP not only your Wordpress. Second, take your site down and put a simple html "under maintaince" page so people dont see the hacked message. Third, go to your backups(assuming you have backups) and restore everything back to normal starting with WP files as well as database files. If this fails then you have to ask for professional programmer or Wordpress expert to fix the issue.
Installing Wordpress is one thing but keeping it safe its a whole different animal and appropriate security patches need to be added for future prevention. Hope this helps and if you need any help with Wordpress let us know!