Saturday, March 25, 2023 |

Wordpress Vulnerabilities: Hacked & Unauthorized Users


Wordpress Vulnerabilities: Hacked & Unauthorized Users


Photo by Moritz Erken on Unsplash

Why I Deleted My Wordpress Sites

It was unanimous, if you’re striving to work with big business (B2B), you need a Wordpress website for your blog. 

I did research and it seemed to be sound advice. 

I was so excited when I purchased my Wordpress website. I spent hours tweaking it exactly down to the last detail. 
It was a learning curve. I was proud of what I had  accomplished. 

I was so excited when I purchased my Wordpress website. I spent hours tweeking it exactly down to the last detail. I was proud of what I had accomplished.

I’m not code savory, so I watched hours of YouTube videos from the top website builders.

It was also recommended to use Bluehost as my hosting provider. Within a month, I went live. I had auto updates ticked for all theme and plugins. I focused on writing blog posts.

I’d tweak my site, when I visited it. Sometimes that was several times a day.

Then, I got an email update from Word Fence. A new user. I deleted the user and updated all passwords for WP, email and Bluehost.
I used Apple generated passwords. I changed my WP user name. Things were good again. 

I focused on writing blog content.


I was focusing on building my email list. With the intention of working towards Affiliate Links. amazon, Pinterest, and Canva. I knew nothing would happen overnight. But, I had a plan to work towards.


Photo by Kenny Eliason on Unsplash

Another Round of Unauthorized Users

I called Bluehost. They claimed that they were getting in through Wordfence. Despite changing passwords and user names there were 8 unauthorized users. I was beyond pissed! I tried:
  • Hiding my wordpress admin login page
  • Took my name as an author for blog posts
  • Added enhanced security plugin
  • Made sure theme and plugins were auto updated

I was over it! The calls to Bluehost to fix my compromised sites was getting old. It wasn’t worth the trouble. And it was stressful.

YouTube has plenty of videos about Wordpress hacks. It’s open source. The internet has about 60% of Wordpress websites. From big business to personal sites, like mine.

Many of the website security breaches attribute to Wordpress hacks. That doesn’t sit well with me. I was fortunate that I wasn’t relying on a revenue stream either of my sites.


Photo by Christin Hume on Unsplash

A New Strategy

I discovered Medium and have been writing with them for about two months. It’s perfect. I don’t have to worry about security issues. I focus writing.

No worries about getting hacked. Plus, I can share my writing on several social media platforms. And free.

I created 2 new blogs on Blogger. Which is free. And it’s owned by Google. I’m waiting on a transfer from Bluehost to Google for my domain. I purchased a new domain from Google.

There are any options out there: Squarespace, Wix, Webflow, Zyro, Ghost, and many more. Do your research. 

Determine what works best for you.

I’m not slamming Wordpress, by any means. It may work for some people. It’s not for me.


In Conclusion

This was my experience with Bluehost and Wordpress over 8 months. I don’t need an elaborate site. I’m not expecting a 6-figure income from my blogs.

I want to write posts to help people in my chosen niche. I want to connect with like minded individuals through my blogs.

I don’t want to worry about getting hacked. I love writing on Medium. It’s simple and functional.

This is my first post on this new website.

I hope this experience, helps someone. Especially, if you’re considering a Wordpress site. Be aware of the security vulnerabilities.

This is the facts of my encounter. I’m certain I’m not the only one with hacked websites on Wordpress. 

Good luck with your sites. Here’s hoping you don’t get hacked.