WordPress is an open-source content management system (CMS) that is used to power millions of websites and blogs. Its usability, extensibility and mature development community make it a popular choice for charities and civil society organisations. In fact, 44% of NGOs worldwide use WordPress according to the 2018 Global NGO Technology Report.
Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats. However, websites powered by WordPress are far from immune to attack. Common routes for hacking a WordPress website include:
- Vulnerabilities on hosting platforms
- Security issues in WordPress themes
- Security issues in WordPress plugins
- Weak or reused passwords
- Phishing of users, particularly administrators
- Out-of-date WordPress installations
Most websites are hacked simply because they can be; hackers use automated scripts to find known vulnerabilities and hack numerous sites at once. However, rights-based organisations, independent media and advocacy groups also face the threat of targeted attacks by government, corporate or criminal interests intent on taking down or sabotaging their websites. Whatever the motivation of the threat actor, an attack may leave your organisation facing, among other things:
- Exposure of personal information
- Fine from the information regulator
- Website taken offline
- Campaigns and other activities undermined
- Financial cost of recovery
- Reputational damage
- Website added to spam blacklists
Our highly experienced WordPress security specialists can identify any vulnerabilities in your server setup and WordPress installation. We can work with your technical staff and our trusted partners, including Access Now and Cloudflare, to harden your website as much as the functionality you require will allow.
Our team can also help ‘unhack’ and recover your website following an attack.