Why does my website get hacked?

By Michael, 30/03/20

Hopefully it hasn't happened to you, but you've no doubt heard about websites getting hacked, but did you why they get hacked?

Before we get into "why your website gets hacked" let's look at the reasons - there are two main ones:

1. Deliberate attacks.

These are the ones you hear about on the news. It is when some big company gets hacked because someone has decided to target them and find a way to ether deface the website or steal information - which is typically the hacker's goal.

2. Chance.

Getting hacked by chance isn't really someone targeting you specifically, it's a hacker (or a script they have written) trawling the Internet looking for websites with vulnerabilities. If you have been hacked before it's probably because of chance.

Why you get hacked

Assuming you fall into category 2 above there are a few reasons why:

Poor passwords.

If you have an easy password on your hosting account, email or website CMS then you're just opening yourself up for hacking. Hackers can run scripts to brute-force guess your password to gain access to your website.

You should ensure you have strong passwords; in fact we wrote a blog post on this.

Don't forget too, to ensure you don't re-use your passwords. If someone gets in to your email, then they can respond to any of those "password reset" emails you may send.

Out of date software.

Chances are that your website is built on a Content Management System (CMS) and in some ways you can liken these to the operating system on your computer - it is the software that makes your website run.

Like any software, your CMS (and any third-party plugins) need updating to fix issues or security risks, so if your CMS software is out of date then your website is vulnerable. All the top CMS platforms have automated notifications that updates are pending.

Pro tip: when you install plugins on your CMS make sure that you have real need for it and select one from a developer with a good reputation for quality and regular updates. This can help reduce your risk of being hacked.

Bad hosting.

A lot of people don't see the value in high quality hosting because they can get cheap hosting (typically from overseas) for $5 per month, but it can make all the difference to your website.

Web hosts need to be all things to all people: their servers provide a lot of options for configuration by the user, and also some not-so-secure methods for connecting (e.g. FTP), and their firewalls tend to be quite open to allow for flexibility.

You want to find a host who takes security seriously, even if it costs a bit more because the cost to your business of being hacked could be huge.

What do hackers hope to achieve?

This again depends on if you're being targeted or not. If you are the target of a specific hack it can be to either steal information on your customers - for example if you run an online store and hold credit card information (why you shouldn't store credit card details is another story), or the hacker wants to deface your website to hurt your business.

If your attack is purely by chance it can simply be for the thrill of it, or as is most likely to use your website to send out spam or phishing emails, which often the first you know about this is when your emails suddenly are no longer delivered, or you webhost suspends your account.

What you can do to prevent being hacked

No one is 100% safe from hacking, but there are things you can do to reduce the risk:

  1. Use secure passwords (and do not re-use passwords)
  2. Keep your website software up to date
  3. Don't install random plugins just for the sake of it
  4. Ensure you use a reputable and quality web host
  5. Make sure you have regular backups of your website and keep them off-site (e.g. not on the same server as your website)
  6. Check your website daily to ensure that it is working OK
  7. If your email is hosted with your website, check you haven't been blacklisted - you can pop your domain name into this tool

At Mity we provide secure Australian-based hosting to our clients, and by only hosting sites we develop we can be sure of what is on our severs. We also have tight security and a highly configured firewall to protect us and our clients.

We also have monitoring for individual websites that alerts us to any unexpected changes to files that may indicate a hacking has occurred so action can be taken immediately. Does your webhost?