Attention WordPress Website Owners: Are you inviting malicious hackers to destroy your work?

Get Up-to-Date News Regarding the Latest WordPress Security Threats so You Can Reduce the Risk Your Site will be Hacked

Meet Jenna (not her real name). Like you, she never gave much thought to WordPress security…

…even though she ran her entire business on WordPress. And why not? It’s super easy to install, a cinch to update, and makes blogging a breeze. Plus, there are hundreds of great plugins and themes that allow her to make her sites perform and look better, and she doesn’t even have to think about code at all.

Jenna did some social media consulting, built and hosted websites for a few clients, and had some niche blogs. Things were humming along nicely, and she was really starting to love working online.

Sound familiar?

But then the unthinkable happened. One day she opened her site, and instead of the beautiful theme she had had custom designed, she saw this:

What a WordPress Hack Can Look Like

She visited another of her sites, only to see the same thing. Then a client site. Same thing. Every single site on her hosting account had been hacked. And not just hacked – this attack was catastrophic. It didn’t just add bad code to the WordPress files (which are easily replaced). It completely destroyed her theme files, her images, and all her pdf, mp3, and mp4 files as well. Everything was gone. Every file, every folder, every website on her hosting account.

What happened to Jenna was extreme, but certainly not unheard of.

Sadly, the cause was vulnerabilities found in the very website building system we love: WordPress.

But it could have been prevented, if only Jenna had been paying attention.

Malicious Hackers Find Vulnerabilities in Code Every Day – And Then Use Those Security Holes to Attack Sites Like Yours and Spread Viruses Throughout the Internet

Hacking comes in a wide variety of flavors. Some hacks, like Jenna’s, are simply meant to deface a site. Some hackers are more sinister, using your hacked website to spread viruses or host phishing sites. When you fall victim to one of these hackers, visitors to your site might be greeted with this scary warning:

Sample Reported Attack Page

Can you imagine what that would do to your traffic?

“No One Would Hack My Little Site!”

It’s true that some hackers deliberately target specific sites. Typically, these are the hacks that make the news. When high-profile sites like Bank of America or LinkedIn are hacked we know why they’re targeted – after all, there are valuable passwords and maybe even credit card numbers to be found there.

But hundreds of small sites are hacked every single day, and if you’re not taking steps to prevent it, it’s just a matter of time before you fall victim, too. You see, malicious hackers often attack websites just for fun. It’s completely random. They don’t care who you are or what you do. They don’t care if you run a popular blog with thousands of visitors per day, or if you have three readers. And they certainly don’t care that they might be destroying your business.

Your blog’s popularity and subject matter are not indicators of its level of risk, and believing they are leaves you even more vulnerable, because it means you won’t take the steps you need to ensure your site’s safety.

The High Cost of a Hacked Website

It’s hard to underestimate the hit to your wallet when your site is hacked. By the time you calculate all the far-reaching damage, it can be devastating. It can even put you OUT of business. Consider this:

  • Dramatic drop in traffic – if you rely on Adsense or affiliate marketing, then you know traffic is the key to your success. What if it dried up?
  • Loss of search ranking – months or years of work building backlinks can be gone in an instant if Google notices you’ve been hacked. And if you’ve been blacklisted, you may be delisted permanently.
  • Clean up costs – Plan on a minimum out-of-pocket expense of $300 per website for a professional cleaning. And if you’re running multiple WordPress sites on a single shared hosting account, each one will need to be cleaned or you’ll be at a higher risk of re-infection.
  • Loss of credibility – If your visitors are met with the dreaded “attack site” warning, or worse, if her computer is infected with malware hosted on your site, eventually they’ll stop visiting, and they’ll stop recommending you to others as well.
  • Wasted time and energy – A hacked site can take up to 10 hours to clean and restore, and that’s if you know what you’re looking for. The average website owner trying to go it alone will spend a week or more. Meanwhile, your income has stopped.
  • Site downtime – Hacked membership or forum scripts may result in massive amounts of spam emails being sent from your site, which causes legitimate visitors to be denied access.

The grand total? Maybe just a few hundred dollars. Or maybe tens of thousands. The more you rely on your website for your business – the higher the potential costs.


Join Now


“Am I Doing Everything I Can to Protect My Websites?”

You chose WordPress because it’s easy to install, offers beautiful themes you can switch out in seconds, and because it makes adding new content to your site as simple as sending an email. Plus, if you run into trouble, there are thousands of developers out there who are willing to help.

But its ease of use is often the very thing that leaves website owners like you vulnerable to attack. Easy to install and to use does not mean WordPress is maintenance free – quite the opposite, in fact. As with any website, you absolutely must make maintenance a part of your routine.

First, you must keep your software up to date. The single biggest threat to any WordPress site is an out-of-date installation. Hackers look for outdated scripts because they know just where the vulnerabilities are, and how to exploit them.

Do not put off your updates. And this goes not only for WordPress, but for your plugins and themes and any other scripts you use, like forums or membership software.

But just updating isn’t always enough. You simply can’t rely on the developers to notice – or to notify you – when there is a problem with one of their plugins or themes. Sometimes the problem is simply that the theme or plugin developer has abandoned their project.

How will you know?

You could do an exhaustive search of the WordPress plugin repository to make sure that none of your plugins have been removed due to security issues. But you’d need to do this daily, just to keep up.

You could start hanging out on hacker forums (make sure your anti-virus software is up to date before you visit!) to get the inside scoop on which plugins and themes have been compromised. Then you could contact the developers to see if there is a fix, and either update your files or remove it and install an alternative.

Again, this isn’t something that can be done once a year or once a month or even once a week. This is an ongoing, daily task if you want to keep your site safe.

Karon Thackston Testimonial for

What is all About?

At SafeWP, we’re dedicated to you keep your WordPress websites safe from malicious hackers. We spend our days researching the latest security standards, keeping an eye on the hackers, and investigating newly discovered vulnerabilities. We work directly with plugin and theme developers to harden their security when a problem is found, and we let WordPress know when we find an issue that has not been addressed.

And then we share what we know with our members in an easy-to-read and understand format.

As a monthly subscriber to SafeWP, you’ll get:

  • In-depth reports compiled weekly of the latest WordPress vulnerabilities, so you’ll know right away if your site is at risk – and how to fix it.
  • Helpful articles detailing the best security practices for your website, so you’ll always feel confident that you’ve done your best to prevent hackers from destroying your business.
  • Weekly webinars with our security experts – We’ll help you choose better plugins, understand how to keep your hosting environment safe, and even explain advanced techniques via a screen-sharing session.
  • Access to webinar replays so even if you can’t make it live, you can still benefit.
  • A private group where you can ask about specific plugins and themes, learn about better WordPress security, and share advice with other security-conscious website owners.
  • Exclusive discounts on website cleanup services from Follow the SafeWP recommendations and your risk of attack is lower, but if you do fall victim to a hacker, we’ll do our part to get you up and running quickly and with minimal expense.

Who is SafeWP For?

SafeWP is for website owners, virtual assistants, developers, designers, or anyone in charge of a WordPress installation. Whether you manage one WordPress website or many, your top priority has to be security.

We help you discover the vulnerabilities so you can implement a solution, fast!

At just $24.98 per month, it’s a WordPress security tool you can’t afford to be without.


Join Now


Our No-Risk Guarantee

We want you to be satisfied with your membership at, so we’re offering you our 30-day, no risk guarantee. If you discover that your membership to is not beneficial and does not help you protect your WordPress website from attack, simply contact us within 30 days and we will cheerfully refund your membership fee.

Better WordPress security is just a click away. Take the necessary action today to keep your sites safe tomorrow and into the future, when you join

We’ll see you on the inside!

Regina Smola

Regina Smola

WordPress® and its related trademarks are registered trademarks of Automattic, Inc. This site is not affiliated
with or sponsored by Automattic, Inc., the WordPress Foundation or the WordPress® Open Source project.