
Top Vulnerabilities Where Hackers Screw Up Your WordPress Blog


Because WordPress is open source software, hackers can read the code and find loopholes easily. That same openness lets you customize the code to enhance your blog, so you need to take care of WordPress security and not give hackers the chance to screw up your blog. If you make money with your blog, you should take this seriously. We cannot protect a WordPress blog completely, but we can secure it well enough that you don't become a victim of the basic security issues in WordPress.


Blog security is important, and no one wants to see their blog hacked or screwed up by a hacker. All the hard work you have put in can go to waste in minutes. Here I am going to talk about some vulnerabilities that WordPress has and how hackers use them to screw up your WordPress blog. These are deadly mistakes that can kill your blog, so never treat this casually: I have personally seen people on many security forums talk about the issues they faced when their blog got hacked.

First of all, you should follow the basic WordPress security measures recommended by the WordPress team. You can follow them here. These basic measures are smart choices that effectively lower the number of entry points available to screw up the blog.

First, let me list how to close some of the basic security holes.

  • Keep up to date with the latest WP version.
  • Change the default username from Admin to some other name.
  • Back up! Back up! Back up!
  • Choose strong passwords for your admin panel.

If you find what you think is a bug, report it, so that it does not turn into a vulnerability.
You can read about the other security measures for the admin panel, database security, file permissions, the server and many more. Read about it here.

Never Use Pirated WordPress Theme

Premium themes are what most of us prefer for their elegant look and customization, and to save a few bucks many people download them from torrents and use them on their blogs. What they forget is that many of the premium themes available on torrents and a few warez websites have malicious code hidden in the theme files, which will cause malicious attacks and unnecessary bandwidth problems. So the first way you give hackers access is through pirated WordPress themes. Never use them; you can always choose a simple minimalist theme from the WordPress panel instead.

Unwanted WordPress Plugins

After theme-level vulnerabilities, the next thing hackers dig into is the plugins you use on the blog. There are two kinds of plugins: the highly rated, popular plugins, and the new, unrated plugins that offer some stupid things. Choose plugins wisely and never overload your blog with them; install only the ones that are useful to the blog. Never go for new, unrated plugins. Always check a plugin's reviews, its ratings and the number of times it has been downloaded before you go for it. If you're using popular plugins, make sure you keep them up to date.

There is also a list of some of the most critical WordPress vulnerabilities known to the security community. If you're interested in learning about them, you can click this link to find out more about WordPress vulnerabilities.

Using some of the best WordPress security plugins can secure your blog from hackers and spammers. I strongly recommend these WP plugins for your blog.

  • WP Security Scan: scans your WordPress installation for security vulnerabilities and suggests corrective actions.
  • Secure WordPress: a little help to secure your WordPress installation. It removes error information on the login page, adds index.html to the plugin directory, and removes the wp-version, except in the admin area.


Srivathsan G.K of is a writer who blogs about cool web apps, software and WordPress hacks. He contributes to Auto Bike India, where he writes about new bikes and cars in India.

  • Comments

    • Dr. Robert Doebler

      That is definitely true. Free themes and plugins are great, for newbie bloggers where the risk of getting hacked is minimal but for bloggers who make a living by blogging, maybe spending some cash for paid themes and plugins isn't such a bad idea. If you compare the damage of getting hacked versus the money that we will spend on these things, it's a good investment because the time and effort that we spent on our blogs can never be taken back if something goes terribly wrong.

    • Harry Sehgal

      You can't stop the hackers from hacking, the only thing you can do is to make it hard for him to hack. Nice post.

    • Ray

      There are some things you can do with manually editing .htaccess file to prevent some unwanted activity too. Obviously it won't stop or prevent everything, but any additional security measures one adds can be helpful. Like you mentioned always good to have a file and database backup just in case. Good tips.

    • Kavya Hari

      Great tips, Sri 🙂 Keep on giving some valuable post on here 🙂

    • Satish

      I saw many of the sites screwed up just like that by installing some PHP script plugins. So never install the plugins which are not certified or fan made.

    • Uttoran Sen @ Current Health Articles

      Nice security tips, I guess making regular backups is an absolute must. I will try the security scans now, haven't tried them before.

    • vishnu

      I never knew wordpress premium themes are available in torrents lolz:D

    • Jim

      I don't understand this post. You say that you have to change the default admin name into something else to make your site more secure.

      Well, your username is now <b>srivatsan</b> and I don't see why this one is more secure than admin…

      Please some more explanation coz I'm confused.

      • S.Pradeep Kumar

        Jim, Srivatsan is our guest author. He posted this article via his 'contributor' account and not 'administrator' account.

        This is my (admin) author URL : (now this shows as 'admin', but the username is not)

        This is Srivatsan's author URL :

        Cheers. 🙂

        • Jim

          My point is actually that it isn't hard to get the admin login name. So whether you change it from admin to something else, it doesn't matter that much. Better have a strong password and update WP as soon as there is a new one.

          Or even better, just create a new user, let's say 'Jim', and give him admin rights. Leave your admin there, but give it subscriber rights. As soon as hackers are happy that they've cracked the admin password, they find out that they can still do nothing… 😉


          p.s. Your login name is admin, right?

    • Rakesh

      Thanks for sharing. We must use a strong password and should not share it with anyone. 🙂 Covered all important points.

    • Amandeep Singh

      Taking into account the loss a wp hacked blog causes to you as a blogger.. these are very good points worth considering…

    • shyam jos

      Thanks for the share, good points to check out!

    • Jojo Mathews

      That's really awesome post Srivathsan…. I always use WP Firewall 2 in my blogs.. It helps a lot…

    • Praveen

      I got spammed by a contributor!
      His spam post was published without my approval. Thanks for this post I am gonna scan my wordpress 🙂

    • Paul Salmon

      Nice list of security issues. I have known many people that have had their WordPress blog hacked. Some of them had a backup, while others didn't. I back up my WordPress blog on a nightly basis, so I'm prepared if I need to restore from a backup.

      The one major security area people probably don't pay too much attention to is in the creation of passwords. Having a password that is at least 10 characters in length with a mix of alphanumeric, and special characters is preferred. The longer the better.

    • Anu @ New Trends

      I'm not using wordpress as yet but I'm soon going to move to wordpress, now I'm already prepared for the chances of hacking.

    • Riya @ Couponseasy

      Hacking has been a great concern for every online work and you need to prepare yourself in advance to reduce the chances of hacking. These are really great points to care about.
