This section explains how WordPress customer information can be leaked if WordPress is hacked.


If WordPress is hacked and tampered with, will it lead to a leak of personal information?

We received the following question from a client whose WordPress site was hacked and for whom we performed malware removal.

Our company’s website sells products on the site, and the customer information is recorded on WordPress. Is it possible that this customer information has been leaked as a result of the recent site tampering?

In 99% of cases, the purpose of a WordPress hack is not to leak information.

Almost all hackers' motives for hacking and tampering with WordPress are the following three:

To increase traffic to another site through SEO hacks, such as redirecting your site's users or linking to another site without permission.

To induce users of your site to install malicious software, either directly or via another site.

To force users of your site to access a fake login site in order to steal their login information.

To do this, hackers attack WordPress sites at random, looking for any single vulnerability they can exploit, and then deface the site. Hackers are rarely located in Japan.

In most cases, hackers do not know what kind of customer information is on the site. They simply use automated hacking tools to find a site with a vulnerability they can exploit, and embed malware or backdoors that behave in a largely predetermined way.
(If a hacker breaks into your site in order to steal customer information, the hacker will steal only the information and leave no symptoms on the site. If there are symptoms of tampering damage, it is highly likely that the hacker is not trying to steal customer information.)

Therefore, it is unlikely that customer information on WordPress will be stolen and used in some way just because WordPress has been hacked and tampered with.

Sites that store customer information on WordPress need to be more security conscious.

However, if a hacker installs a backdoor with a database export function or adds an unauthorized user who can log in as an administrator, it is possible that customer information could be downloaded from the WordPress administration screen.

It is also impossible to know whether a hacker has downloaded information in this way without examining detailed server logs (which many servers do not keep).

Therefore, although it is unlikely, if WordPress has been tampered with, we cannot be sure that customer information has not been leaked.
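
As an added example (not part of the original article or any tool it mentions), the following Python script triages a web server access log for the two signs described above: admin screens served to an address that is not a known administrator, and unusually large responses from a PHP script. The combined log format, the allowlist of administrator IPs, the 1 MB threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

# Scripts under /wp-admin/ that answer without a login session, so a 200 from
# them says nothing about who is logged in (not an exhaustive list).
NO_LOGIN = {"admin-ajax.php", "admin-post.php", "load-styles.php", "load-scripts.php"}

def triage(lines, known_admin_ips, large_bytes=1_000_000):
    """Return {ip: [(time, path, size, reason), ...]} for requests worth a manual look."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable, or the request did not succeed
        if m["ip"] in known_admin_ips:
            continue
        path = m["path"].split("?", 1)[0]
        name = path.rsplit("/", 1)[-1] or "index.php"
        size = 0 if m["size"] == "-" else int(m["size"])
        reasons = []
        if path.startswith("/wp-admin/") and name.endswith(".php") and name not in NO_LOGIN:
            reasons.append("admin screen served to unknown IP")
        if name.endswith(".php") and size >= large_bytes:
            reasons.append("large response from PHP script")
        if reasons:
            findings[m["ip"]].append((m["time"], path, size, "; ".join(reasons)))
    return dict(findings)

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE = [
    '203.0.113.7 - - [10/May/2024:02:11:40 +0900] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [10/May/2024:02:11:52 +0900] "GET /wp-admin/users.php HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.7 - - [10/May/2024:02:12:30 +0900] "GET /wp-content/uploads/2024/05/x.php HTTP/1.1" 200 7340032 "-" "-"',
    '198.51.100.20 - - [10/May/2024:09:00:01 +0900] "GET /wp-admin/edit.php HTTP/1.1" 200 51200 "-" "-"',
    '192.0.2.55 - - [10/May/2024:09:05:10 +0900] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 120 "-" "-"',
    '192.0.2.55 - - [10/May/2024:09:05:12 +0900] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "-"',
]
KNOWN_ADMIN_IPS = {"198.51.100.20"}  # assumption: the site owner's office address

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE, KNOWN_ADMIN_IPS).items():
        for hit in hits:
            print(ip, *hit)
```

A hit is a lead for manual review, not proof of a download, and an empty result only means something if the server kept logs covering the whole period of the compromise.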

We believe that sites where customer information is managed and recorded need to be more careful about hacking than general informational sites where only administrator users exist.
If your site has been hacked, we recommend that you take immediate steps to remove malware and implement security measures.
