Am I really at risk of being hacked?

Yes, you are at risk for a hacked website.

It’s not always super likely but it’s more common than you think.

Blue wooden background with text overlay saying: Human error is one of the easiest ways to make your computer vulnerable. Solve this by taking security checks seriously. Make sure your passwords are different on every site and check regularly on the users that have access to your website

Why would someone hack my website? My website is new / my business is small / I’m insignificant.

The short answer is because they can.

The long answer:

Your Reputation

Your website isn’t spammy. You don’t have loads of links or pages that try to steal visitors’ email addresses, bank details, social media logins etc.

You don’t spam, or steal details and this makes you shiny and brilliant. You’ve created trust on your website and you’ve cultivated a strong, positive, online reputation in the world of websites.

By hacking your website, someone or something can install malware, try to ‘phish’ for people’s personal information, and redirect your links to spammy websites. Sometimes that redirect means websites that are morally questionable and definitely not suitable for work!

If you’re new or just a small business then you’ll be getting traffic and traffic is a gold mine for those with ulterior motives!


Basic security is so important.

It doesn’t take much to implement. And it’s usually enough to deter casual hackers, bots, and opportunists.

Usernames and Passwords

Make it harder for others to hack your website. You can do this by reviewing basic security and tightening up simple things like your login details. Your username should not be:

  • Admin
  • Your first name, last name or full name
  • A name listed on your website (your team etc.)
  • Your business name
  • The email address listed on your website
image shows a collage of images. A mac keyboard on a blue background, a mac computer in a white office, and a mac keyboard on a pinkish background with a purple notebook and a pair of glasses.

Your password should be secure. You can try different combinations of random words, letters, numbers and symbols. The best way is to use a secure password generator. Programs like Lastpass have secure password generators installed.

By securing these things you make it more of a challenge for someone to casually hack your website.

Install Security Plugins

Choose a security plugin that makes sense for your business. Most will help block attackers using their IP addresses (the online identifier). This means they won’t be able to see your login page!

Some plugins are more complicated than others, but a solid Google search will help you find the right one for your website.

I love WordFence (this isn’t a paid advertisement!). Wordfence, in particular, sends an email when an admin logs into your website and they provide weekly updates on how many website hacks were attempted.

Update Plugins, Themes, and WordPress

Update your site. The plugins and themes you use are written by real people and mistakes happen, loopholes crop up, and things can become outdated. The good plugins and themes release regular updates to help keep them secure.

And if it’s not a human error in coding then it’s improved attackers. The online world changes constantly, so developers often update their plugins and themes to match trends and developments in cybersecurity. Updating your WordPress website just makes it that bit harder for someone to hack into it.

Why would someone hack my website? the short answer: because they can. Each word is set against a blue/green line. All of it is on a white background/

Reputable Plugins and Themes Only

Also, check out the plugins and themes you buy or install. Not all are made equal. Imagine that you’d put all this work into transforming your website into a secure online space only to download a dodgy plugin giving access to people who wanted to hack and use your site for unsavoury deeds! Be sure to research your plugins before installing them.

Make sure they offer regular updates. Most of the time, their plugin pages will tell you the last time they updated. You’ll want to make sure that they updated within the last 6 months at least.

Thinking “Why Would Someone Hack My Website?” Is A Waste Of Time.

It’ll Never Happen To Me

The Cost of Security Breaches

Not updating your site costs money. But that cost is relatively little in terms of other losses you will face. This is particularly true on a WordPress site.

If someone hijacks your website and uses it for spam you could be blacklisted on search engines and social media. That’s a huge loss to your business.

It’s also important to remember the loss of confidence your visitors (and advertisers) will feel if your security is breached. Especially if your breach involved data, malware, or spam in some way.

You’re harming more than just your cheque book.

It’s well worth the hour a month it takes to do updates and the 10 minutes it’ll take you to change your password. You can maintain your website easily and efficiently.

Woman under a green blanket, her hand resting on a purple laptop keyboard. Text overlay says: Best business simple steps for a secure website. Takes less than 15 minutes a week.
White background with stationery and keyboard flat lay. Hexagon contains text: your website: why would someone hack me? the why and the how to avoid the worst.
background shows a desktop with a starbucks mug, mac computer, and a desk lamp. The hexagon overlay has text that says: keep it simple. Avoid website hackers. Website security 101.