Can WannaCry ransomware attack my website?

The short answer is no. This latest virus update has been written to attack windows systems and your WordPress site should be running on a Linux based server. If it runs windows server, it would have to be Windows Server2003 and then somebody would have to open the email on a PC in that network. All pretty unlikely. You may have an old windows XP machine in the office, or at home. They are most vulnerable and need the patch update from Microsoft.

WordPress Sites are most often attacked in a similar way to this Ransommeware.

Virus software breaks into systems by exploiting a fault in code that allows them to start their attack. Attacks on WordPress are classified by us within two groups.

  • User Created – Either a user has used a poor username and password which software can ‘guess’ and therefore gain access, or a user ‘gives away’ their password by installing ‘bad’ software which reads them log in. You could always install a badly written plugin that is open to hackers.
  • Software fault – Many hacks have been performed when a fault in the design of a plugin, or WordPress, allows code to break into the site and run. This has often been because changes in other software, which requires a fix to be added. All of the recent large hacks that we are aware of have been due to these software faults, where the creators have fixed the software, but user sites have not installed the updates and therefore left themselves open to attack.


Make sure all WordPress and Plugin updates are checked for an updated at least weekly. Always take a backup prior to running the update, so if there are any problems, you can return to the state prior.

Be careful what apps and software you run on your desktop or mobile device. Be sure these will not gather data to allow them to your website later.