WordPress is a great website platform and I highly recommend it. The problem is, with fame comes attention, and in this case it’s attention from hackers.
WordPress website hacks and attacks are dramatically on the rise. The biggest threat is what is known as a “malware injection.” A malware injection is when a hacker gets back-end access to your WordPress website, most likely the database component of your site, and installs a script that probably redirects your website visitor to another website. It might also download a virus or malware on your visitor’s computer.
Not only is this an obvious problem and bad experience for your website visitor, but another problem is created. Google quickly sees your malware infected website and will put a nasty label next to your listing when it appears on a search engine results page. If you don’t take care of the problem immediately Google will drop your website from the index completely.
Last week I got a call from someone who’s WordPress website had been infected with malware. Google had labeled it as dangerous and if you clicked through on the link at Google it redirected you to a “adult entertainment” website. Not a good thing! It’s a lot of work to get this fixed and get back into the good graces of Google. https://support.google.com/websearch/answer/45449?hl=en
The best defense is a good offense. The two best ways to proactively keep your WordPress website from getting hacked are (1) keeping your WordPress core software up-to-date, and (2) keeping any plugins you are using up-to-date. The plugins you use (a) should also be from reliable authors, (b) have thousands of installs, and (c) have many positive reviews in the WordPress plugin repository.
Both of these things are relatively easy to do through your WordPress Dashboard and will provide you with 99.9% protection from malicious hacks.