WordPress Security for Small Businesses

WordPress is arguably the best CMS available due to its usability and customisation features, but it is also a known hacking target. This means that approximately 27% of websites on the internet are at risk, including yours.

WordPress Security is Important for all Businesses, Big and Small!

Many small businesses believe that, because they don’t have an e-commerce website or because the majority of their business is not done online, they do not need to pay attention to their WordPress security, as no one would be interested in hacking them.

A survey carried out in 2016 found that “82% of small business owners believed they were not targets for cyber-attacks” (Business News Daily). However, the evidence shows that they should be thinking differently, as “43% of cyber-attacks” were targeted towards small businesses in 2015 (Small Biz Trends).

We have created a go-to guide to WordPress security for small businesses. Here you will be able to find out why you may be hacked, how you may be hacked, the possible implications of being hacked and, most importantly, how to protect yourself from a hack.

Why do Hackers Hack?

People often think that hackers' only motivation is to steal credit card details, but that is not the only reason for a hack. Hackers breach website security for a variety of reasons.


There are a lot of hacking communities out there. These communities encourage their members to hack websites simply to say they can. For these hackers getting inside your website and changing a few things around is fun and gives them bragging rights to fellow hackers.


Some hackers will hack a WordPress site in order to access the computer power of the webserver that it is running on. This allows them to use your resources for free and to hide their identity behind yours.


Black hat Search Engine Optimisation (SEO) campaigns are often a motive for hackers. They are able to use your affiliate links and redirects for their own gain. This will ultimately ruin your search ranking in Google.


Data is the most commonly known reason for the hacking of a WordPress site. Credit card information is the most obvious data for hackers to target. But they also want your mailing list in order to send spam emails that contain malicious links and viruses on your behalf. In more extreme cases, data theft can lead to identity theft affecting both the company's members and its customers.

What are the Types of Hack?

There are numerous types of hacks that WordPress sites may be subjected to. These include malware infections, cross-site scripting (XSS) hacks, phishing, ransomware, man-in-the-middle attacks, drive-by downloads, pharma hacks and malicious redirects, to name just a few.

The main hacks that small businesses with WordPress websites should be aware of are backdoor hacks, brute force attacks, SQL injection hacks and distributed denial of service attacks.

Backdoor Hacks

Backdoor hacks are the most common form of unauthorised entry into WordPress websites. A backdoor hack is a method of bypassing authentication that gives a hacker remote access to a website. This allows the hacker to add themselves as a hidden administrator and continually make whatever changes they want. Backdoor attacks usually lead to further malware attacks such as drive-by downloads and pharma hacks too.

Brute Force

Brute force attacks are a case of trial and error. Hackers using this type of attack will try a large number of consecutive guesses at your username and password. It is considered a time-consuming but foolproof method. Again, once the hacker is in, they have the ability to do whatever they want with your WordPress site and the data it contains.

SQL Injections

SQL injection is a code injection technique that inserts malicious SQL statements into the SQL queries a website runs against its database. SQL injections can be especially dangerous for websites that hold or transfer funds.


Distributed Denial of Service (DDoS) attacks attempt to make a website unavailable by overwhelming its servers with traffic from multiple sources. It is suggested by Digital Attack Map that 1/3 of all website downtime incidents are attributed to DDoS attacks. The result of a DDoS on your website is downtime. This can lead to a loss of customers and a loss of sales amongst other things.

What Impact can a Hack Have on a Small Business?

The results of having your WordPress security breached are never enjoyable or positive.

There are some obvious short-term impacts of a WordPress hack, including disgruntled customers and a drop in sales. But if the hack is not dealt with both quickly and efficiently, there can be a number of serious long-term implications.

Having your WordPress site hacked not only affects you but your customers too. It can lead to infections of their computers and a loss of their data. It will also impact any websites that you had an affiliate or advertising partnership with.

There are physical consequences of a hack including Google blacklisting your site from its search engine and the loss of your site altogether if you, or your host, did not take efficient backups before the hack occurred.

One of the biggest impacts of a hack is the loss of trust in your company from customers and partnering brands. This damages your corporate reputation.

How can you Improve Your WordPress Security?

Hacking is a very real threat for every website owner, whether it be a personal blog, a small company website or a large e-commerce website. However, there are precautions that you can take to protect your WordPress site. We recommend preventing a hack by, first and foremost, investing in a good Managed WordPress Hosting company that will provide you with top-notch security.

Additionally, to protect yourself make sure you are aware of the themes and plugins you are using. Before downloading WordPress Plugins or themes you should ensure that there are no known or unfixed issues.

Themes and plugins need to be updated regularly, the same as your version of WordPress. This is because when an update is completed, a list of any vulnerabilities found is then published online. This means hackers have full access to the list of vulnerabilities!

We would strongly recommend using an advanced firewall to block spam connections and attacks as well as purchasing an SSL certificate.

You should do regular virus scans in order to continually check for any threats. We would recommend doing regular backups as well. If anything does go wrong, you will still have a previous, healthy version of your website to revert to.

When it comes to accessing your WordPress site, ensure that your passwords are strong and your username is not “admin”. We recommend two-factor login authentication for every contributor on your WordPress site. More security tips can be found here.

Are you Concerned you Have Been Hacked?

If you suspect you have been hacked, we offer a free website clean for any WordPress website that needs it.

If you need further guidance with protecting your WordPress site from a hack, our WordPress security experts are available and happy to help. Additionally, more information on our super-secure Managed WordPress Hosting packages can be found here.