Why do hackers hack websites?

It's important to say that this post is not about ransomware, it’s just about the “traditional” hacking those related to websites.

Many people still believe that typical hackers are young or teenage guys, who attack websites just because “they can do it”. The reality couldn’t be more different.

No doubt, there are quite a lot of websites which are valuable due to the immense data they store: user names, passwords, bank details and protected contents. These are owned by large companies, such as Yahoo, Dropbox, etc.

An average small or medium sized business doesn’t need to worry about hacking attempts which these companies have to deal with, but do need to worry about hacks which happen regularly to any average website.

Most of the websites are attacked for not trying to steal the user data, but because they - the hackers - would like to use the website for

  • sending spams

or

  • using the web server for attacking other computers

It’s not always obvious that your website has been hacked. Sadly you often only realise it when your web hosting provider suspends your website...

Hunting for power resource is not a beneficial business for a ‘human’... hence there are software and automations to complete the job. These small, automated scripts - called ‘robots’ - are crawling the web, searching for vulnerable websites.

Interesting note:

Quite often hacked websites don’t show any sign of being hacked for days or weeks, because – in many cases - the hackers ‘sell’ the access to the hacked websites to third parties for further usage (for example, sending spam emails).

The target of these automated hacks isn’t the web server itself: The target is always the website. Unfortunately the free CMS systems (it’s plugins and templates) have loads of vulnerabilities.

You can see just how many vulnerabilities have been discovered in Wordpress: https://wpvulndb.com/

Summing up: Any website can be hacked, but as always, hackers are looking for the easier targets, such as free CMS systems without proper updates and security protection.

If you have a Wordpress website, always ask your developer to protect your website by looking for the latest updates and secure plugins. It takes time and money, but it’s definitely worth it.