How does malware get on my site?
When it comes to WordPress, hacks can occur for a number of reasons:
- Weak or compromised user name/password (control panel, WP admin, SFTP, etc.)
- Vulnerabilities in plugins or themes (out of date, nulled plugin versions)
- Improperly secured WordPress configuration file (wp-config.php)
- Incorrect file permissions
- Phishing attacks against website administrators
- “Black Hat” SEO practices (irrelevant links, content scraping, malicious redirects)
You can take some comfort in knowing that hackers aren’t necessarily targeting your website specifically. Almost 40 percent of all websites in the world run on WordPress. What hackers do is take advantage of known exploits to indiscriminately launch attacks in hopes of finding and infecting vulnerable sites.