Last update: 06/11/15
Are you asking why your website has been hacked, or whether you are vulnerable to an attack? All websites are subject to hackers. No matter where you host them, and no matter how popular or unpopular your website is, it is subject to being hacked at any time.
I have 100s of websites on several different hosting accounts like Hostgator, Bluehost and Godaddy. Several of these websites have been "hacked" in the past and are still subjected to hack attacks on almost a daily basis. After a recent attack on one of my Bluehost accounts, I started digging a little deeper into why people "hack" a website.
I used to wonder, "don't these people have anything better to do?" The fact is, they don't. In most cases, the reason for hacking a website has to do with money, in one way or another.
The first thing you should understand is even if you feel your site is small and doesn't get much traffic, don't let that fool you. Even if you feel there is little chance a hacker will find your site, that may very well be the exact type of site they are looking for.
So, after doing some research, here are my "Top 5 Reasons Why Your Website Has Been Hacked", who is most likely doing it and why the hacker is doing it. Though all of these are a nuisance, I have the threats going from 1 (the least severe) to 5 (the most severe).
Top 5 Reasons Why Your Website Has Been Hacked
1) Script-kiddies: One who relies on premade exploit programs and files ("scripts") to conduct his hacking, and refuses to bother to learn how they work. The script kiddie flies in the face of all that the hacker subculture stands for - the pursuit of knowledge, respect for skills, and motivation to self-teach are just three of the hacker ideals that the script kiddie ignores. While anyone can be a script kiddie, generally they are teenagers who want the power of the hacker without the discipline or training involved.
These guys (or gals) are the young padawans of the hacker world. They attempt to hack sites for fun, to deface the site or most likely just to tell their hacker-buddies “look what I did”. These types of attacks are “usually” something you can relatively easily recover from, providing you have a fresh backup of your site available.
2) Affiliate scammers: These are mid-level hackers. Generally these people have bots that scan for exploitable areas on websites and will attempt to edit your current site’s pages and/or URLs in order to place spammy links on your site that point to bad neighborhoods on the web. The links are sometimes hidden and may be hard to spot, but digging through logs can help you find which files were accessed at the time of the breach so that you can restore them from a backup.
3) They Want to Use Your Server. They will use your computer like an Internet Relay Chat (IRC) server so they can openly discuss things they do not want to discuss on their own servers. They store illicit material (pornography, pirated music, pirated software etc.) on your computer so this illegal activity does not lead back to their own computer.
4) Website Hijackers: These hackers are the worst and probably what all young, aspiring hackers dream about becoming one day. Website hijackers are in it to win it. Most times they have the most sophisticated bots at their disposal to scan for ways to breach your website or server; once they gain access to your site, they can do all kinds of things to change your website into a spam/porn/gambling/bad-neighborhood type of site.
Sometimes they even use a technique called cloaking, where the site loads normally when you look at it but serves a completely different view to search engines etc. This type of attack can be irreversible. Even if you are able to restore the database and pages back to their original, unedited state, the repercussions associated with being blacklisted by search engines can make it pointless to try.
5) Information Thieves – This type of hack is generally used to gain information about the web server and if possible the usernames and passwords associated with the website. Once a hacker has this information at their disposal, they can really do anything they want, including all of the above.
There are also instances where they have been able to use this data to gain access to billing, merchant accounts and third party systems. This type of attack can not only harm your business, but if you are housing any sensitive information in your database, it could also mean a sizable lawsuit for damages to others.
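A check for the hidden spam links from item 2 and the cloaking from item 4, as an added example that is not part of the original post. It assumes you have saved the same page twice, once requested with a normal browser User-Agent and once with a search-engine crawler User-Agent; the site name `myshop.example` and both HTML samples are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING = ("display:none", "visibility:hidden", "left:-9999")  # common CSS hiding tricks
VOID = {"br", "hr", "img", "input", "link", "meta"}           # tags with no end tag

class LinkCollector(HTMLParser):
    """Record external link hosts and whether any link to them is hidden."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.stack, self.links = own_host, [], {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hides = any(h in style for h in HIDING)
        host = urlparse(attrs.get("href") or "").hostname if tag == "a" else None
        if host and host != self.own_host:
            hidden = hides or any(self.stack)   # hidden itself or inside a hidden parent
            self.links[host] = self.links.get(host, False) or hidden
        if tag not in VOID:
            self.stack.append(hides)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit(own_host, browser_html, crawler_html):
    """Compare the page as served to a browser and to a search-engine crawler."""
    views = []
    for html in (browser_html, crawler_html):
        collector = LinkCollector(own_host)
        collector.feed(html)
        views.append(collector.links)
    hidden = {h for links in views for h, is_hidden in links.items() if is_hidden}
    return {"hidden_links": sorted(hidden),
            "crawler_only_links": sorted(set(views[1]) - set(views[0]))}

# Constructed sample responses for one URL on the hypothetical site myshop.example.
BROWSER_VIEW = """<html><body><h1>My shop</h1>
<a href="https://partner.example/">Our partner</a>
<div style="display: none"><a href="http://pills.example.net/buy">cheap pills</a></div>
</body></html>"""
CRAWLER_VIEW = """<html><body><h1>My shop</h1>
<a href="https://partner.example/">Our partner</a>
<a href="http://casino.example.org/">best casino</a></body></html>"""

if __name__ == "__main__":
    print(audit("myshop.example", BROWSER_VIEW, CRAWLER_VIEW))
```

Any host under `crawler_only_links` is being shown to search engines but not to you, which is the cloaking symptom; hosts under `hidden_links` are worth tracing back to the file that emits them.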
How to Best Prevent Your Website from Being Hacked
1) Never Use "Admin" as Your Login.
Ya, may sound like 'duh', but still many people have "Admin" as their Login. This could very well be the #1 reason why your website has been hacked. You need to delete that profile and create a new one ASAP.
Solve it all by changing your wp-admin link!
- Custom Login & Access WordPress Plugin
- Protect WP-Admin, Hide WP & Theme Name Plugin
2) Keep your plugins updated ALWAYS and remove ones that have not been updated by the author for a long time!
Outdated plugins can be the backdoor that hackers are looking for to gain access and hack your website. If you are not updating your plugins on a regular basis, you might as well put a bull's-eye on your website for hackers.
3) Limit Login Attempts
Hackers use a very common technique called a Brute Force Attack to break into sites. For WordPress there is a plugin called “Limit Login Attempts”. With a Brute Force Attack, a hacker runs an automated bot that will keep hammering your blog with several hundred, or even thousands, of hits per hour, trying to guess your login. If you don’t control those attempts, they will keep at it until they finally succeed and gain access to the backend of your site. Once in, they have the liberty to do whatever damage they like.
“Limit Login Attempts” will block hackers in their tracks by blocking their IP.
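A lockout rule of the kind described above, replayed over web-server access log lines, as an added example (not the plugin's own code). The threshold, the time window and the sample log are constructed, and the code assumes a failed `wp-login.php` POST returns status 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def lockouts(lines, max_attempts=4, window=timedelta(minutes=20)):
    """Replay log lines; return {ip: time of the attempt that triggers a block}."""
    recent = defaultdict(deque)      # ip -> times of its recent failed logins
    blocked = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Assumption: status 200 on a login POST means the form was shown
        # again (failed login); a successful login answers with 302.
        if ip in blocked or method != "POST" or status != "200":
            continue
        if not path.split("?")[0].endswith("/wp-login.php"):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:   # forget failures older than the window
            attempts.popleft()
        if len(attempts) >= max_attempts:
            blocked[ip] = when
    return blocked

def _line(ip, hhmmss, method, status):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [11/Jun/2015:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3120')

# Constructed sample: a fast bot, a slow hourly guesser, and a user with one typo.
SAMPLE_LOG = (
    [_line("198.51.100.7", f"03:10:0{s}", "POST", 200) for s in range(6)]
    + [_line("192.0.2.50", f"0{h}:00:00", "POST", 200) for h in range(1, 6)]
    + [_line("203.0.113.20", "09:00:00", "POST", 200),
       _line("203.0.113.20", "09:00:30", "POST", 302)]
)

if __name__ == "__main__":
    print(lockouts(SAMPLE_LOG))
```

The hourly guesser is never blocked with these settings, which shows why the window length matters as much as the attempt count.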
4) Remove Unnecessary Files from Your Hosting Account.
WordPress keeps files in your public directory that may contain enough data for hackers to get access to your site. From your hosting cPanel, locate and delete the following files.
From your Home Directory
From within your Home->wp-admin Folder
5) Be smart and proactive with regards to your website security.
Good security software will lock down all your files, regularly scan your website, alert you to any suspicious activity and slam the door in the face of hackers. If you are unsure which one is best for you, contact your Web Hosting company and ask them which one they recommend.
Why has your website been hacked? Bottom line, don't take your website security lightly no matter how big or small, popular or unpopular your website is. Any website is vulnerable to being hacked, including yours.