WordPress on footer of a website is something I see some people do regularly. They leave the powered by WordPress messaging on the site. The reason why this happens is that the theme being used is free and not premium and by defualt will put this messaging as well as theme tags.
Now WordPress is designed to allow people who don’t know coding to create websites. This is a good thing and part of the reason why WordPress is so popular. However there’s a major drawback and security issue to having powered by WordPress on footer of a website.
Bad actors in places overseas will often times use scrapers to find websites that have this powered by WordPress on the bottom and it is an open attack vector. The more that a website is advertising that it’s using WordPress, the more likely it’s going to get targeted by hackers.
The reason why WordPress can be hacked so easily is that the database is a common structure (open source) that is very very popular and easy to attack. The way that most WordPress sites get hacked is through a SQL injection.
What is a SQL injection?
SQL injections are a way that code gets injected into a database using a vulnerability. Basically malicious code will become spread across many of the common site files like a shot gun blast. Some of the code files are able to recreate more malicious files even when they are cleaned up by hand. Other malicious files will do something for the exploiter, like post spam links that bring in revenue when visitors click on them.
Vulnerabilities are patched through theme and plugin updates and core WordPress updates. When a WordPress site is not updated regularly, it is much more likely that a SQL injection will occur. What we want to do as developers or owners of a WordPress site is limit the amount of attack vectors that are present.
Limiting WordPress on Footer Attack Vectors
It’s not possible to completely eliminate all attacks on a WordPress site. That’s why I encourage having a firewall and backups in place. If no firewall and back up services are in place, a site owner is really rolling the dice and most likely will be hacked and may even lose the website at some point.
This is just the way it goes with using WordPress. With a firewall and back up service in place, site owners can rest assured that no matter what happens they will always be able to protect the site and clean the site up if it does get infected.
But I highly encourage removing the powered by WordPress on footer tag and then the theme tag as well. If you don’t know how to remove these reach out to a qualified developer and have them help you for a very small fee.
If you need my assistance removing the power by WordPress or the theme tags from the bottom of your WordPress site contact me here on my contact page.