Hacked Website? Every Site is a Target


When pricing website development services on an existing website, I request to review the source code before providing a quote to audit the condition of the website.

The majority of the time there are security issues I see that need to be addressed. When I bring up the odds of having a hacked website, they usually say something like “My website won’t get hacked. I don’t store credit cards on my site, so there is nothing a hacker would want.”

You couldn't be more wrong

I understand why small business owners may think like this, but website hackers are not just looking to steal credit card information or personal data.

Often a hacker's intent is:

  • to send mass spam email from your hosting account
  • to generate “black hat” SEO backlinks that they embed into your website code
  • to redirect your site to somewhere else
  • simply to wreak havoc – because it’s their idea of “fun”
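Each of these goals tends to leave traces in a site's files that a source-code audit can look for. The Python sketch below is an added example, not code from the original post: the four patterns are illustrative heuristics, and the host names and sample file content are constructed.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

URL = r"(https?://[^\s\"'<>)]+)"
# Heuristics chosen for this sketch. A hit means "review this line", not "infected":
# a contact form, for example, may call mail() legitimately.
RULES = [
    ("obfuscated-eval", re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I), False),
    ("mail-call", re.compile(r"(?<![\w>$])mail\s*\(", re.I), False),
    ("offsite-redirect", re.compile(r"(?:header\s*\(\s*[\"']Location:\s*|location(?:\.href)?\s*=\s*[\"'])" + URL, re.I), True),
    ("hidden-offsite-link", re.compile(r"display\s*:\s*none[^>]*>\s*<a\s[^>]*href\s*=\s*[\"']" + URL, re.I), True),
]

def scan_text(text, own_host):
    """Return sorted (line_no, label) findings for one file's contents."""
    findings = set()
    for label, pattern, has_url in RULES:
        for m in pattern.finditer(text):
            if has_url:
                host = (urlparse(m.group(1)).hostname or "").lower()
                if host == own_host or host.endswith("." + own_host):
                    continue  # link or redirect stays on the site itself
            findings.add((text.count("\n", 0, m.start()) + 1, label))
    return sorted(findings)

def scan_tree(root, own_host, suffixes=(".php", ".html", ".htm", ".js")):
    """Scan every matching file under root; returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="replace"), own_host)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample, not taken from any real site.
SAMPLE = """<?php
eval(base64_decode($blob));
header("Location: https://example.com/contact");
header("Location: http://pills.example.net/buy");
?>
<div style="display:none"><a href="http://casino.example.org/">best casino</a></div>
<?php mail($to, $subject, $body); wp_mail($to, $subject, $body);
"""

if __name__ == "__main__":
    for line_no, label in scan_text(SAMPLE, "example.com"):
        print(f"line {line_no}: {label}")
```

Run `scan_tree()` against a downloaded copy of the site rather than the live server, and compare anything it flags with a known-clean copy of the same file.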

What Hackers Target

Hackers don’t care if you are a small business or a large company. Most hacked websites are not the result of an individual trying to target only your site. They use bots (scripts) that crawl the Internet looking for vulnerabilities in web hosting accounts and website code. If you’re vulnerable, they attack. If your hosting account and website are not secured, they get in.

A website is software

All sites need ongoing maintenance to keep them updated and secure just like a computer program, apps on your phone and your operating system on your computer.

A site that was secured when it was first built but has had no maintenance since is a vulnerable website. Many websites I review were never secured properly initially. Usually, this is because of an inexperienced web designer, or it was offered and the client declined it. This is especially true of websites built with WordPress. Often, no site maintenance has been done since it was first built.

Hacked Websites Have Many Points of Vulnerability

There are multiple points where there can be weaknesses for a hacker to target.
 

Web Hosting

All small business websites I am hired to work on buy shared hosting services from a web hosting company, rather than managing their own web server.


It makes sense. This is a cost-effective and logical choice for many small businesses that do not have an IT department to provide server administration services. The host’s job is to provide space on their web servers for you to build your website, and they are responsible for maintaining all aspects of server administration. This means keeping the web server secured and up to date to protect their customers. If your host is not doing this, it’s time to look for a new host.

Recently I reviewed a website on one of the most well known shared hosting companies and could tell that it was not running the current stable version of PHP. While reviewing the code, I saw the site had been hacked and was infected with multiple malicious files.

I explained to the site owner the importance of keeping PHP up to date on your hosting account and that it could be the source of where their site was hacked. In my website quote, I included cleaning the hacked website, upgrading the web server to use the current version of PHP and upgrading the written PHP code to support the new version. After I was hired to do the work and was given access to cPanel, I found they were running a version of PHP that has not been supported in 6 years. The only option was to upgrade PHP to a version that has not been supported since 2018. I told them it was time to find a new host.

You are paying for a service. If they are not providing quality service, find a new hosting company.

Website Code

Website code that is not properly secured up front, and then maintained, is also a huge security vulnerability. Open source software, like WordPress, is a prime target for hackers.
 
The beauty of open source software is that anyone can download, study and learn how the code works. Combined with the fact that millions of websites run on WordPress, this makes it a prime target to be exploited. Hackers can learn how the code works. They can listen to the community chatter when a vulnerability is found. Then, they can act quickly to target the weakness and (blindly) attack thousands of sites that are vulnerable. There is little investment on their part to reap the big rewards of hacking many sites. They don’t care who owns the website, or what the site is about. It is about mass targeting to affect as many sites as possible.
 
Most people think that a hacker cracks your password and logs into your site. This is not the case.  Weak, insecure code is what I see most. It’s also easy to prevent.  Secure your WordPress installation and then maintain WordPress by keeping your website code and plugins updated.
 

Passwords

Password security is straightforward and simple for anyone to do.

  1. Use complex passwords.
  2. Don’t share your password.
  3. Change your password regularly.

This applies to every password you have, not just those related to your website. EVERYTHING.

Many of my ongoing website maintenance clients are people that contact me saying “someone hacked my WordPress website” or “my website keeps getting hacked”. If you don’t clean the infection thoroughly and then address the point of vulnerability, the problem will continue.  You have to keep up with security maintenance so your site does not get hacked again.

To Summarize:
