NewSprout Support Articles

Why would my website get hacked?

in Web Hosting

If your website has been hacked or compromised in anyway then your site has probably been suspended by your hosting provider to ensure your site is not, literally, “spamming the world”.

A suspension will prevent any further hijacking of your content and sometimes it will protect your domain’s integrity and also limit the damage already done. Damage that has affected your site, emails, and the servers reputation you are hosted on. Which in turn affects other sites and email accounts on that server potentially for days! These are business impacting issues that you and your host can do without.

The source of the hack is almost certainly one of 3 things:

1. Due to your CMS (Content Management System) such as WordPress or Joomla not being the current supported version. In other words, your website has been neglected!

Your plugins and themes need regular updates.

A hack would mean they are probably not being kept up to date. It could also mean you are using some “dodgy” plugins…there are lots out there! But of course there are plenty of great ones.

2. Your contact, order forms or blog do not have adequate robot security. You need a CAPTCHA or Honeypot installed on contact forms, order forms, and if you have one…your blog.

3. Your passwords in general are weak or you are using the same password everywhere. If a hacker cracks one, they will often attempt to use it on other parts of your hosting. For example if they get your email password they’ll try use it on your website editor.

Also, you could be using a weak login password to your website or one of your other administrators could have a weak password. Or you may have outdated administrators that need removing entirely.

6 steps you need to do immediately…

  1. Scan your site for malicious content and ensure it is removed. Your Web Designer/Developer will know what to do. You may need to restore an earlier backup that has not been compromised. However this is not always a solution as the malicious code could have purposely been laying dormant for weeks or months before being activated. In other words, your backup may also be infected!
  2. Update all plugins and themes to the current supported versions.
  3. Remove any unused plugins and themes – this will also help your site run more efficiently.
  4. Ensure you have a CAPTCHA or Honeypot installed on your sites contact and order forms. These fend off hackers robots from using your forms to send Spam.
  5. Change your CMS login/WP-admin, cPanel, and email passwords regularly and to very STRONG ones. And remove old administrators that may have worked on your site in the past.
  6. Scan all computers used to access your website editor for any viruses. Ensure they are clean and the OS (Operating System) is up to date…the hacker could have got in this way (through a virus on your computer) and cracked your website and CMS admin password, or your cPanel password, and/or your email passwords!

Are NewSprout Servers secure and how can we help you?

Yes…our servers are very secure.

All server applications are updated regularly to supported versions.

Also, included in all our plans, are regular backups. Your site has 2 weeks of archived backups on NewSprout’s Backup Servers (with up to 4 different copies each day). You can login and download these anytime to keep a local copy, and you can restore your files and databases directly from your cPanel.

Located in a ISO7001 Federally Approved Data Centre in Sydney, Australia https://www.newsprout.com.au/internet-data-centre/

How do hackers get in to the server to hack a website or email account?

The answer is they don’t get in to the server operating system…they actually get in via your website, cPanel, or email account!        

This can create a multitude of painful and costly issues for your business.

Put another way: if there is no content, then there is nothing to hack. If there is vulnerable content then there is something to hack.

Why would they want to hack your site?

A few reasons but the most common ones are…

  • To use your clean website and domain to send spam
  • For phishing purposes. To use your site as a clean platform to pretend it is another site

Any clean source they can find is a great platform to carry out these activities.

So what’s the BIG lesson here?

If you update your websites plugins and themes regularly and use strong passwords then this makes it difficult for nasty activity to be attracted to your site. But if you don’t update your site regularly and use weak passwords then it makes your site very vulnerable!  This often creates a multitude of painful and costly issues for your business.

It’s much like owning a car – if you don’t maintain it the chances are it will break down sooner rather than later and the repair bill will be much much higher than a regular scheduled service!

A regular update schedule is so important

You have a website live and on the web for a reason…for you to attract the right kind of customers who will use your products or services or information. Don’t risk unwanted activity by not setting up a regular update schedule.

Your web designer should recommend regular updates. If they haven’t then please ask them to do so!

24/7 Email Support

Support@NewSprout.com.au
Response time: less than 58 minutes

Call 02 6687 6533

Speak to our Australian Support team
8:30am - 5:30pm AEDT