6 Common Reasons a Website Gets Hacked and How to Prevent It

6 Common Reasons a Website Gets Hacked and How to Prevent It

02/10/19 | Chloe Mayo

Hacking a website may seem like a really complex process, but the most common ways that a website gets hacked is through simple security breaches. There’s lots you can (and should) do to mitigate this risk. Just as you would secure your business premises, you need to secure your website, and that responsibility is yours alone. However, it doesn’t have to be hard work! Below are the 6 most common reasons that a website gets hacked, and how to protect yourself against them.


Insecure Passwords

Having strong passwords is a great habit to get into no matter what. It’s also important because having strong passwords significantly lowers your risk of being hacked. A common form of hacking is called a ‘brute force attack’, which essentially means hackers will try to gain access simply by guessing your username and password. This is surprisingly easy to do (especially with software helping them) if your password is not strong. It’s even easier if you’re using the same password for multiple websites, accounts, and users.

You should never use your name or your businesses name within your password, or any other form of identifiable (or guessable!) information. The strongest passwords don’t contain any dictionary words (in any language), do have a mix of numbers AND letters, and are at least 8 characters in length. You can use a random password generator to create a strong password that helps to secure your website from this kind of ‘brute force attack’. Anyone who has their own user access to your website needs to also have a strong password.

Protect against this hack:
– Create strong passwords using a random password generator for all users
– Have unique passwords for all of your logins
– Update your passwords regularly, just in case


‘Admin’ Username

The default username for WordPress is ‘admin’. This is well-known information which means that hackers know it, too. Therefore, a ‘brute force attack’ is half-way-complete if you don’t change your username. You can easily change your WordPress username and it’s best to change it to something that is not easy for a hacker to guess, so don’t use your own name or your business name.

Protect against this hack:
– Change your WordPress username to something other than ‘admin’
– Don’t use your own name or your business name


Untrustworthy Users

It’s common for multiple people at your business to need to have access to the website. However, once someone leaves the business, how often do you remember to remove them from the website users? It’s important to not only change all of your website passwords when someone leaves, but to also entirely remove them and their email from the user’s section in the website.

Keep in mind, too, that you don’t always have to give all employees full access to your website. It can seem quicker and simpler to give everyone full admin access, but this weakens your website security. Think carefully before giving anyone full admin privileges to your website.

Protect against this hack:
– Fully remove someone’s user access once they leave the company
– Reset all of the passwords to the website
– Limit who has full admin access to your website


Outdated Plugins

Plugins are a normal thing to have on your website. They are software applications that you can run in the background of your website to make certain things easier. Almost all websites will have them – you may not even be aware of yours. It’s important to get to know them, though. One of the most common reasons that a website gets hacked is that the plugins are old and out of date. Hackers look for this specifically and use it to worm into your website.

Plugins have lots of new versions released over time; this is often specifically to fix any security holes that have been discovered. You should therefore regularly check the plugin section of your website and update any that have new versions available. If you don’t, you’re probably leaving your plugin with a well-known security hole which hackers are likely already targeting by now.

Protect against this hack:
– Only install plugins from reputable sources
– Update your plugins regularly to the very latest version


Outdated WordPress

As with plugins, WordPress is a type of system that makes websites easier to build and run. However, as with anything like this, that means it can be susceptible to bugs which can then be exploited by hackers. WordPress works hard to continuously update their system to protect against this, but you have to update your WordPress regularly to take advantage of these fixes.

Sometimes website owners can be nervous to update their WordPress because it can break some elements of the website. However, you can mitigate any risk by involving a trusted website developer to oversee the update for you. It’s worth the investment when the alternative is intentionally leaving your website open to hackers.

Protect against this hack:
– Always update your WordPress to the latest version
– Invest in a website developer to oversee this is you’re unsure


Your Computer is Hacked

In a high number of cases, a website being hacked can often actually be a virus on your own computer. If your computer is infected with malware or a virus, hackers will use this to get your logins for any number of things – including your own website.

Keep a trusted and up to date anti-virus software on your computer and run it regularly. This also applies to any computers in your company that are accessing your website, including any laptops or computers that your employees may be using to access your website remotely.

Protect against this hack:
– Have quality anti-virus software installed on all devices that are logging into your website
– Run this regularly
– Keep the software up to date


Following these 6 security measures, you’re doing well to protect yourself against a number of harmful attacks on your website. It’s impossible to protect yourself entirely, as hackers are only getting smarter, but these prevention measures will put you in a really good position to keep your website safe.

If you’re concerned about your website’s safety, or need an experienced website developer to oversee your website updates, don’t hesitate to get in touch with Active Internet Marketing (UK) to help oversee the process for you.