How Good Sites Get Hacked

Getting hacked is one of the most frustrating experiences you’ll face as a site owner. Unfortunately, even if you have bolstered your site’s defenses, about 30,000 sites are hacked daily and it’s likely your site will fall prey sooner or later.

These are the main ways hackers can gain entry to your site:

  • Software vulnerabilities When hackers find a security hole in the core software, plugins, themes or scripts, they can exploit to get into your site by injecting their own scripts.
  • Backdoor exploits A file (backdoor) is placed among your site’s files. It includes a script, which allows a hacker repeated entry into your site while remaining undetected.
  • Brute force attacks This means guessing your login details. If you use the default “admin” or “administrator” usernames and weak passwords, you’re giving hackers half of the details needed to login into your site.
  • Improper file permissions You can set permissions on all your files, which means you can set who can read, write and execute scripts. If you set your permissions too low, a hacker could easily edit your files, inject a malicious script such as a backdoor exploit and hack into your site.
  • Cross-site Scripting (XSS) attacks An XSS vulnerability is code that is written in a certain way which lets a hacker write and execute malicious JavaScript that saves a user’s browsing data. This is done by the way of a link they can send to users of a site to steal any information a user entered while browsing the targeted site. For example, they could steal login details to gain admin entry into the site.
  • Cross-site request forgery (CSRF) This is when a hacker has forged a user request by leveraging code. This means a hacker could make adjustments to a normal request to create a malicious one. Then, since they don’t have admin access, they trick a user into performing an action that authorizes their malicious request for them. This kind of attack could be used in an attempt to trick a user into doing many things including submit their login details for a hacker to use to gain entry into the user’s site.
  • Insecure server – The server your site is hosted on needs to be secure. If it isn’t, hackers could use your server’s security holes to infiltrate your site.
  • Malware and viruses – If you have a virus or malware on your computer, hackers can use these to get into your site.

* Items marked in red are ones that Level One addresses.

The trouble is, the list above isn’t an exhaustive one and with so many methods available to hackers, it’s almost impossible to guess how your site has been hacked and how you should go about patching the problem which means that it’s far more complicated to fix a hacked site and keep it from immediately getting hacked again than it is to keep it from getting hacked in the first place.

Help keep your site from getting hacked.  Sign-up now for our Annual WordPress Security Updates package.  We regularly monitor your site and keep the software updated as new patches are released.  If your website does get hacked, we will take care of getting it fixed as part of this plan.

Menu