What Do Hackers Do With Compromised WordPress Websites?


We take website security very seriously and have installed WordFence Security on all of our webistes. While WordFence helps guard against most known attacks, there are still things you, our clients, need to remember. Never share your login or password with anyone. It is better to create a new user role for each person making changes to your website. Also, always use a strong password and don’t include the name of your website, your name, or “admin” in your user name or password.

We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged.

What did the hackers do to your site? Here is a list of the most frequent effects of a compromised website:

  • Defaced Site / Took Offline
  • Sent Spam
  • SEO Spam
  • Malicious Redirect
  • Host Phishing Page
  • Distribute Malware
  • Steal User Data
  • Attack Site
  • Ransomware

*Reprinted from: WordFence Blog

To read more about WordPress hacking and what’s in it for the hacker, click the link above.