WordPress is run on more than 76 million websites. This makes learning to hack WordPress a valuable skill for hackers. Hackers are looking to hack your WordPress site for many reasons. Most of these reasons come down to money; they are looking for ways to make money with your hacked website. Three of the most common ways to profit from your hacked WordPress site are your traffic, your data, and your reputation.
Monetize Your Traffic
Just like you want to monetize your traffic, hackers can do the same. With a compromised website, they can put their message (and links) in front of your audience. Instead of seeing your message and your ads, affiliate links, or buy buttons, your audience sees theirs. But they get your credibility – and your reputation is the one who gets trashed.
Yet, a more common way to monetize your traffic is by uploading malware to your site that then installs on your visitors’ PCs. This malware can be ransomware. This is software that encrypts the target computer’s data. Then it displays popup demanding payment – often in Bitcoins – to decrypt the data. A lot of people pay this fee to get their data back.
Another type of malware that could be loaded would turn your visitors’ computers into a giant Botnet. A Botnet is a group of computers running special malware that allows the hacker to send out commands and have them perform certain functions. The Botnet could be ordered to flood a particular server with traffic, or perhaps perform a coordinated hack. Modern security software may take a single computer 1000 years to hack. But get 100,000 computers in a Botnet, and that time is significantly reduced.
And unlike ransomware, a Botnet is designed to be undetectable by the infected computer. Thousands of computers are still infected with Botnet software that has long been defeated by security software.
Monetize Your Data
Hackers are after two types of data to monetize. The first type of data is customer data. This is especially valuable if you store credit card information and/or passwords in your database. They can take this data and use it for credit card fraud, identity theft, or just sell it to others looking to do the same.
Also, you may have valuable proprietary data – such as digital products, software, or secret recipes. This is valuable to someone. The hacker could be an opportunist looking for valuable data to sell. Or, they could be hired by a competitor to retrieve your data. In any case, if you have valuable data on your site, then some hacker may want it.
Improve Their Reputation
Have you noticed how experts can charge more if they are recognized as the best in their field? The same goes for hackers. So a hacker might hack your website to build their reputation. They don’t hack websites and replace the home page with an image and the words “Hacked by X.” It’s their version of a business card or billboard. The greater their reputation, the more they can charge for their illegal services.
What Can I Do About It?
Okay, honestly, if a hacker really wants into your site, they are probably going to get in. But it’s very, very rare for a hacker to want in that badly. Most hackers are looking for the low hanging fruit.
Think about it like a car thief. A car thief sees two parked cars next to each other. One is a $100,000 sports car with the most sophisticated security system in it. The other is a family sedan worth $10,000 and the doors unlocked with the keys in the ignition.
The sedan is a goner.