Why Has MY Site Been Hacked?
“Why has my site been hacked?”. I hear this a lot from site owners who’s site has been attacked, and I inevitably tell them.
“IT’S PROBABLY NOT PERSONAL”
People feel violated about a hacked, and they have a need to know why this particular blog has been targeted. In this blog post I want to shine a light on the motivation behind a hack.
Why Sites Get Hacked?
Sites are hacked for a number of reasons, here are the tops reasons I see:
- For kicks – there is an intellectual challenge to hacking a site, and some people do it for kicks, they will leave a little defacement on your site. It’s not a direct attack it’s just a game to them.
- For SEO – the hackers create links back to their site to improve their own SEO. The more links the more Google will rank your site, so hackers add links.
- For Traffic – the hackers add redirects to their site for more traffic and more business. They capture hard-earned traffic from your site and send it to theirs.
- Phishing – a hacker installs phishing sites on your site to con people into giving over their details. The illegal activity is done on your site, not on one that can be traced back to the hacker.
- It’s an attack – I said it’s probably not personal but sometimes it is a direct attack on your business. I’ll talk about this a little later.
Who Does The Hacking
So the question is who is hacking your site, there are a few groups of people who attack sites.
Black Hat Hackers
These are the hard core hackers that find and open up new ways to exploit sites. These people are frankly brilliant, their technical skills are high, they dig into code and server configurations looking for a route in.
These people find the route into WordPress sites and pass it to the hacking community.
A derogative term for someone using the techniques found but a black hat hacker and exploiting them. They don’t have any real skills, they just reuse other people’s work.
In my experience these are the majority of hackers I come across.
Brute Force Bots
Sometimes it’s not that clever and it’s simply a bot going to your login form and trying common user name and password combinations over and over again.
Install Wordfence and you will see this is a very common thing. Here is a screen dump of login attempts on my site.
Vulnerabilities In Core, Plugins and Themes
The main way people get into word press sites is through a bot network brute force or by exploiting vulnerabilities in WordPress core, themes or plugins.
Using scanning tools they will look for a file on your site from a vulnerability, find it then exploit your site.
There is a great tool called wpscan which can be integrated into systems to scan for issues, I have tools for my maintenance clients to do this, then I close the vulnerability.
They keep a database of vulnerabilities which makes very interesting reading, I can bet a plugin or theme you have used is in the database. https://wpvulndb.com/.
Remember that person I mentioned earlier, the back hat hacker, they are probing all the time for vulnerabilities and are always one step ahead of things. The hacker does not add entries into this database, the security community needs to find these and publish them so the hacker is always ahead of the game.
WordPress Is A Low Hanging Fruit
WordPress powers 27%+ of the internet, it’s a low hanging fruit, finding a vulnerability in WordPress opens the door to more hacking potential than some obscure website scripting system.
This is why WordPress does get hacked, more people are investing time finding loop holes.
Unless It Is Personal
I said it’s probably not personal, but sometimes it is.
Look at your content, is it controversial? Look at what your business does, would it upset people? If the answer is yes hackers may be coming at you personally.
I’ve seen LGBGT and religious sites get attacked. I’ve helped a site supporting Charlie Hebdo with a request security review because they knew they were about to court controversy.
Politics, religion, money difference of opinion opens you up to hackers.
What You Can Do About It
Here are some tips to keep your site protected.
- Have full backups which you save offsite so you can recover from a hack.
- Keep your site updated to close the vulnerabilities as they are found and fixed.
- Harden security on your site, here is a great guide https://build.codepoet.com/tag/hardening-wordpress/
- Install plugins like WordFence of iTheme security to monitor for attacks.
- Use a decent hosting company, cheap hosting often does not have the best techs on their team to keep the servers secure.
- Harden the passwords you use and change them often, consider implementing two phase authentication (I’ll write about this in my next post).
- Give me a shout, I offer security hardening and monitoring as part of my maintenance plan or as a one off package.
White Hat Hacking
I hack people’s sites all the time in my capacity as a WordPress consultant. I need to get access to fix things, it’s not hard you only need a little bit of access.
It’s white hat and is benign, if I can do it then you can bet a black hat hacker on the edge of the technology can get in.
Wrap up – Why Has MY Site Been Hacked?
It’s probably not personal, it’s some punk kid in their bedroom getting access to your site for kicks probably, unless it’s not :).
SEO bullshote why has my site been hacked? No really why has my site been hacked?