WordPress provides the foundation framework that many websites use to publish text, image, and video content to the World Wide Web. It’s an easy platform for people to start their business on, which is why more than 32% of websites on the internet now run on WordPress.


Why Do I Need To Do Backups and Updates
On My WordPress Run Website?


WordPress has always been an attractive target for hackers and other forms of cybercrime, which is one of several reasons I STRESS to my clients to be sure to do backups, as well as make sure they have their themes and plugins up to date at all times. NOT to mention the MESS that can happen on a website should you decide not to stay updated on your plugins. If you let them go too long, and too many updates have happened, this could lead to your site breaking as well!

It could take a developer hours to figure out what broke your website!

Which means it WILL cost you hundreds of dollars to get your website back up and running again!

In this article, we will discuss the most common ways in which WordPress sites are compromised, and what you need to do NOW to protect your business!


Ways Hackers Attack Your Site,
That You May Not Even Realize!


Command Injection

WordPress operates on three primary layers: the application server, the web server and the database server. Each of these layers runs on hardware with a specific operating system, such as MS Windows or open source Linux, and that operating system is a potential area of attack. In a command injection attack, a hacker enters malicious information in a text field or URL, similar to SQL injection, with the aim of having the server run it as an operating system command.

Certain internet-connected cameras have been found to be especially vulnerable to command injection attacks. Their firmware can improperly expose system configuration to outside users when a rogue command is issued.

Cross-site Scripting

Cross-site scripting, also known as XSS, targets the JavaScript elements on a webpage instead of the database behind the application. The hacker adds JavaScript code to a website through a comment field or other text input; that malicious script then runs when users visit the page, and those visitors’ private information is compromised. The rogue JavaScript will typically redirect users to a fraudulent website that will attempt to steal their credentials and other identifying data.
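The defence against a comment-field script is to encode everything a visitor typed before it is written into the page. The sketch below is an added example in plain PHP, not code from this article or from WordPress (which ships its own helpers such as esc_html() and esc_url() for the same job); the function names and the sample comments are made up for illustration.

```php
<?php
// Added illustration in plain PHP. Function names and data are hypothetical.

function e(string $s): string
{
    // Encode for HTML text and for quoted attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function safe_url(string $url): string
{
    // Only http/https links may reach an href; anything else is dropped.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

function render_comment(array $c): string
{
    $name = e($c['author']);
    $url  = safe_url($c['url']);
    if ($url !== '') {
        $name = '<a rel="nofollow ugc" href="' . e($url) . '">' . $name . '</a>';
    }
    // Encode first, then turn line breaks into <br> tags.
    return '<li>' . $name . ': ' . nl2br(e($c['body'])) . "</li>\n";
}

// Constructed sample comments: one ordinary, one carrying markup.
$comments = [
    ['author' => 'Ann', 'url' => 'https://example.com/',
     'body' => "Great post!\nThanks."],
    ['author' => 'Bob <b>', 'url' => 'javascript:void(0)',
     'body' => '<script>/* constructed sample */</script>'],
];

// Second layer: tell browsers to refuse inline scripts that slip through.
header("Content-Security-Policy: default-src 'self'");

echo "<ul>\n";
foreach ($comments as $c) {
    echo render_comment($c);
}
echo "</ul>\n";
```

The second comment comes out as visible text with no link, because its markup is encoded and its URL scheme is not on the allowed list.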

File Inclusion

Common web coding languages like PHP and Java allow programmers to refer to external files and scripts from within their code. The “include” command is the generic name for this type of activity.

In certain situations, a hacker can manipulate a website’s URL to compromise the “include” section of the code and gain access to other parts of the application server. Certain plug-ins for the WordPress platform have been found to be vulnerable to file inclusion attacks. When such hacks occur, the infiltrator can gain access to all data on the primary application server.
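To show what this looks like in code, here is an added PHP example (not taken from this article, WordPress or any plugin) with the risky pattern in a comment and a hardened version below it. The "page" URL parameter, the templates folder and the page names are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from WordPress or any plugin.
// The "page" parameter and the template names are hypothetical.

// Vulnerable pattern: the value from the URL goes straight into include,
// so the visitor, not the programmer, decides which file is loaded.
//     include $_GET['page'] . '.php';

// Hardened pattern: the URL value is only a key into a fixed allowlist.
const TEMPLATE_DIR = __DIR__ . '/templates';
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_template(string $requested): ?string
{
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null; // not a page this site serves
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file is missing
    }
    // Defence in depth: the resolved file must sit inside TEMPLATE_DIR,
    // even if a symlink or a later edit to the allowlist points elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$page = $_GET['page'] ?? 'home';
$template = resolve_template(is_string($page) ? $page : '');
if ($template === null) {
    http_response_code(404);
    exit("Page not found\n");
}
include $template;
```

Because the file name never comes from the URL itself, changing the URL can only select one of the listed pages or produce a 404.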


Certain malicious code can be inserted in your WordPress site by way of a theme, an outdated plugin or a script. This code can extract data from your site as well as insert malicious content, and it can cause serious damage if it goes unnoticed for any length of time. This WILL RAISE your hosting expenses, as large amounts of data are transferred or hosted using your site.

DDoS Attack

A DDoS (Distributed Denial of Service) attack is the extended version of a Denial of Service (DoS) attack, in which a large volume of requests is sent to a web server, making the website slow until it ultimately crashes. The difference is that a DoS attack is executed from a single source, while a DDoS attack is an organized attack executed from multiple machines across the globe.


So now you are familiar with various WordPress vulnerabilities.

It is worth noting that updates play a crucial role in keeping your website’s security intact, and whenever there is any unusual activity, you will be able to start digging until you find both the problem and the solution.

As I mentioned earlier, if you neglect updating your themes and plugins for a long period of time, it will cost you thousands of $$ to get the help you need to restore your website and get you back online making money.

ONE Last Note for Business Owners with Membership Websites or an eCommerce Store


This part concerns me, as I help many clients handle their membership or eCommerce websites. If I’m selling information, or I’m using WordPress as a shopping cart or as a membership site, I need to make sure that people who have paid for things still get access. If someone is paying me on a recurring monthly basis and the site goes away, not only have I lost my site, I’ve lost my monthly recurring income.

In many cases there’s no way to get it back. If someone is paying you on a recurring basis, and there is a certain transaction ID and a certain number associated with that person paying you month after month, it’s very difficult to set up the site exactly the way it was and associate that person paying monthly with the user account they had on your WordPress site.


Stop Telling Yourself:

  • I have time. I will wait till tomorrow.
  • I have more important things to do in my business right now.
  • I am not sure what I am doing.
  • I’m afraid if I update the plugins, I will mess something up!

Tomorrow is never certain! You protect your home and your family; YOU also need to protect YOUR business! Putting things off till tomorrow has never really worked out for people... then you will be saying, “I wish I had kept my plugins up to date, and had a recent backup.”

I had this happen to me YEARS ago. I lost everything! I had to start all over and it took me months to fully get my website back to where I had it.

I don’t worry about this anymore, because I practice what I preach! BACKUP! BACKUP! UPDATE! UPDATE! At least twice a month! However, I would advise you to at least do backups whenever you make a major change to your website, EVEN if it is JUST one page!


Does the Thought of Doing Your Own
Backups and Updates Scare the Wits Out of You?


Then fear no more!

Best Intuitive Websites offers an amazing package that will not only save you money and time, but also give you peace of mind that your site is fully updated and backed up every other week!

PLUS we install a security plugin on your website that will help keep track of what is happening behind the scenes of your website. So, if something should happen, the problem can be quickly identified and blocked.



Rebecca has been looking after our websites for as long as I can remember. We simply could not manage without her. She not only takes care of the day to day operations, she is there with lightning speed for any emergencies that arise.

Most recently, our site was attacked by credit card checkers. They find a small operation and test thousands of credit card numbers to see which ones go through so that they can then use the cards for large expenditures. This attack caused complete chaos in our system and we were in jeopardy of having our merchant account closed. As soon as we were hit, we reached out to Rebecca and in very short order she put systems in place to block the attackers from even being able to use the cards on our website. She again came to our rescue.

We are very grateful for her knowledge and swift action that kept and continues to keep our website safe, and functioning optimally.

Brenda Eastwood, RNCP

Author and Women’s Health Specialist, Hormone Roller Coaster