Worldwide WordPress Hack - And Why You Should Consider Moving Your Website To A Different CMS
by Will Williamson on 17-Sep-2020 12:49:23
Over the past week our development team have been fending off a significant cyber security attack on a number of websites we host, part of a worldwide hack attempt affecting over a million websites. In light of the scale and sophistication of this attack, we are no longer recommending WordPress as a website platform.
So what is this hack, why did it affect WordPress websites and what are the alternatives to WordPress?
What is the hack?
WordPress is a content management system (CMS), a platform for building websites that can then be edited and updated.
There has been a significant hack attempt on over a million websites which relates to a specific WordPress plugin called File Manager. File Manager was updated with a new security patch just last week, but it seems as if this plugin was compromised before then. This article explains more: https://www.zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/
This particular malware, however has been concealed within image files, making it very difficult to detect - see this article: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hiding-webshell-backdoor-code-in-image-files/
The risks of WordPress
According to ZDNet, 90% of all websites hacked in 2018 were WordPress websites. WordPress is open source software, so the code is freely available online to anyone, including hackers. WordPress also needs to be regularly updated to the latest version - if not, older versions can become vulnerable.
Plugins
The basic WordPress platform is limited, and most sites rely on multiple 'plugins' for SEO features, forms, editing/design. These plugins are additional software products built by third party developers - and each of these plugins is a potential door into your website for hackers. The more of these plugins you have, the greater the chance of security breaches if these plugins become unsupported, outdated, or if a hacker simply finds a vulnerability.
Themes
A design shortcut often used to build quick, cheap websites is to used pre-built themes - these themes are also created by third party developers and can't always be fully relied upon for security. Themes, like plugins, will also need to be updated regularly - and if not they can be compromised.
Popularity
WordPress is the world's number one website platform - and the combination of possible vulnerabilities together with the fact it is the platform of choice for so many businesses means it is a target for hackers.
How JDR Group limit these risks when building, hosting and managing WordPress websites
- Limiting sites we build ourselves to 3 plugins, hard coding features to minimise third party plugins and software
- Creating custom themes which we build ourselves, rather than using 'off-the-shelf' themes
- Hosting websites in small, containerised groups of 20 sites so that if one site becomes 'infected' the virus spread is limited
- Installing malware and virus protection on our sites and servers
- Monitoring all our sites for any attempted security breaches
- Monthly updates to all plugins
Nevertheless, the nature of the WordPress platform, the frequency of hack attempts and the easy access to the code which all hackers have means it is very difficult to ensure 100% security.
As a result, we are advising any WordPress customers or would-be WordPress users to consider switching to a different platform.
Alternatives to WordPress
There are many other website platforms available. For information-only/brochure websites, alternatives include Drupal, Joomla, Concrete5, Wix, HubSpot, Umbraco and MODX.
For Ecommerce websites, alternative platforms include Shopify, Magento, Opencart, Prestashop and BigCommerce.
We can build and manage websites in most platforms, however we are recommending using a hosted website platform to minimise the risks of attacks on your website and also to provide the best long-term platform for your single most important marketing asset, your website.
Hosted Website CMS Platforms
In our businesses, we all use hosted, subscription-based software - Office 365, Google Drive, Zoom, Dropbox, Xero, Sharepoint. This type of software does not get out of date, become obsolete or require updating - it is constantly updated and improved as part of the subscription. Hosted website CMS platforms work on the same basis - you pay a monthly or annual fee but then you don't need any maintenance, hosting, or updates. New features are then added and updated over time as the platform improved, and the platforms are constantly updated to be optimised for Google/SEO, for speed, for user experience, and for security.
These platforms are much more secure - the code is not freely available, they have sophisticated security built-in and the don't rely on third-party plugins. There are two platforms in particular which we recommend, HubSpot CMS and Shopify.
HubSpot CMS - For Brochure-Style Websites
Our preferred development platform for information-only/brochure-style websites is HubSpot. A premium platform which starts at £245 per month, HubSpot has no plugins, requires no updates, and has robust security. It has a number of other benefits when compared with WordPress - you can read more in our article comparing WordPress and HubSpot CMS. Beyond security alone, other benefits include:
- Integrated CRM system
- Build-in marketing features including pop-ups, calls to action, email marketing, forms, live chat/chat bots
- SEO tools
- Blogging platform
- Dynamic, personalised content - change page layouts, messages and calls to action according to WHO is visiting your site. This allows you to show a different message to an existing customer vs a new visitor, for example - or to show different messages to customers from different industries.
- AB testing - improve how your website performs by testing alternative versions of your pages
HubSpot allows you to manage all of your digital marketing, your website, your sales and your customer service - all in one platform. For more information go to HubSpot.com/products/cms or book a meeting with one of our team for a demo and to assess your options.
Shopify - For Ecommerce Websites
Shopify is our preferred platform for Ecommerce websites - JDR design and build custom Shopify themes, and Shopify then provides a scalable, powerful hosted Ecommerce website platform. With pricing plans from just $29 a month, Shopify allows you an affordable starting point for a start-up Ecommerce site which can be upgraded and expanded as your online business grows and matures.
In fact, some of the worlds biggest brands build their websites on the Shopify platform, including Heinz, Staples, and Lindt.
Is It Time To Move Website Platform?
If you are thinking about the costs involved in an exercise like migrating your website away from Wordpress, please also consider the cost to your business should a security breach occur on your current set up. Cyber crime is becoming more sophisticated and more main stream. Small businesses are being targeted, it is not just larger firms anymore. If you'd like to consider a new website project, or to migrate an existing website to a hosted CMS platform, then get in touch - you can book a call with us to discuss your options using our online calendar.
- Inbound Marketing (SEO, PPC, Social Media, Video) (810)
- Strategy (350)
- Marketing Automation & Email Marketing (183)
- Sales & CRM (179)
- Website Design (157)
- Business Growth (148)
- Hubspot (129)
- Lead Generation (110)
- Google Adwords (97)
- Content Marketing (93)
- News (46)
- Case Studies (44)
- Conversion (43)
- Ecommerce (36)
- Webinars (31)
- SEO (23)
- Events (19)
- Video (17)
- LinkedIn Advertising (15)
- Video Selling (15)
- AI (14)
- Software training (13)
- Niche business marketing (11)
- The Digital Prosperity Podcast (10)
- Facebook Advertising (6)
- HubSpot Case Studies (2)
- September 2025 (9)
- August 2025 (14)
- July 2025 (14)
- June 2025 (5)
- May 2025 (19)
- April 2025 (15)
- March 2025 (13)
- February 2025 (13)
- January 2025 (8)
- December 2024 (2)
- November 2024 (4)
- October 2024 (21)
- September 2024 (4)
- August 2024 (8)
- July 2024 (14)
- June 2024 (16)
- May 2024 (25)
- April 2024 (15)
- March 2024 (18)
- February 2024 (5)
- January 2024 (10)
- December 2023 (6)
- November 2023 (10)
- October 2023 (13)
- September 2023 (12)
- August 2023 (14)
- July 2023 (13)
- June 2023 (14)
- May 2023 (15)
- April 2023 (13)
- March 2023 (14)
- February 2023 (13)
- January 2023 (15)
- December 2022 (13)
- November 2022 (6)
- October 2022 (8)
- September 2022 (22)
- August 2022 (15)
- July 2022 (13)
- June 2022 (16)
- May 2022 (14)
- April 2022 (16)
- March 2022 (17)
- February 2022 (11)
- January 2022 (8)
- December 2021 (6)
- November 2021 (7)
- October 2021 (11)
- September 2021 (10)
- August 2021 (7)
- July 2021 (7)
- June 2021 (4)
- May 2021 (4)
- April 2021 (1)
- March 2021 (3)
- February 2021 (5)
- January 2021 (4)
- December 2020 (7)
- November 2020 (6)
- October 2020 (5)
- September 2020 (9)
- August 2020 (18)
- July 2020 (17)
- June 2020 (17)
- May 2020 (10)
- April 2020 (21)
- March 2020 (24)
- February 2020 (21)
- January 2020 (12)
- December 2019 (23)
- November 2019 (12)
- October 2019 (14)
- September 2019 (16)
- August 2019 (15)
- July 2019 (13)
- June 2019 (6)
- May 2019 (8)
- April 2019 (4)
- March 2019 (2)
- February 2019 (2)
- January 2019 (2)
- December 2018 (3)
- November 2018 (24)
- September 2018 (11)
- August 2018 (9)
- June 2018 (3)
- May 2018 (6)
- April 2018 (14)
- March 2018 (12)
- February 2018 (16)
- January 2018 (15)
- December 2017 (15)
- November 2017 (18)
- October 2017 (23)
- September 2017 (19)
- August 2017 (28)
- July 2017 (27)
- June 2017 (25)
- May 2017 (18)
- April 2017 (17)
- March 2017 (16)
- February 2017 (17)
- January 2017 (14)
- December 2016 (21)
- November 2016 (27)
- October 2016 (25)
- September 2016 (16)
- August 2016 (20)
- July 2016 (19)
- June 2016 (14)
- May 2016 (20)
- April 2016 (24)
- March 2016 (22)
- February 2016 (28)
- January 2016 (27)
- December 2015 (28)
- November 2015 (19)
- October 2015 (9)
- September 2015 (12)
- August 2015 (5)
- July 2015 (1)
- June 2015 (10)
- May 2015 (3)
- April 2015 (11)
- March 2015 (14)
- February 2015 (15)
- January 2015 (12)
- December 2014 (2)
- November 2014 (23)
- October 2014 (2)
- September 2014 (2)
- August 2014 (2)
- July 2014 (2)
- June 2014 (7)
- May 2014 (14)
- April 2014 (14)
- March 2014 (7)
- February 2014 (2)
- January 2014 (7)
- December 2013 (9)
- November 2013 (14)
- October 2013 (17)
- September 2013 (3)
- August 2013 (6)
- July 2013 (8)
- June 2013 (4)
- May 2013 (3)
- April 2013 (6)
- March 2013 (6)
- February 2013 (7)
- January 2013 (5)
- December 2012 (3)
- November 2012 (2)
- September 2012 (1)
Subscribe by email
You May Also Like
These Related Blogs

Mail Order Brides, Pornography & Malware: How Website Hacks Can Hit Your Business
Cyber-attacks don’t just affect large banks and the NHS, they affect smaller businesses, too. Stats vary, but a 2020 UK Government survey of cybercrim …

How Will Brexit Affect Digital Marketing?
Hello there, everyone. Now, hold on – I know what you’re thinking. ‘Not another Brexit article! I’m sick of it!’ you’re thinking. And I get it, I real …

Digital Marketing For Manufacturing Business [Case Study] - Specialist Manufacturers Generate £3.6m Revenue And 5x Increase In Website Traffic
Key Results £3.6m in directly attributable revenue from marketing 5x increase in website traffic Rebrand with new logo, new branding, new brochures Ha …