Why is My Site Getting Hacked?
Posted by ASO Admin on 07 February 2020 02:08 PM
Are you getting hacked and you're not sure why? In this article we'll explain some of the most common ways a website gets hacked and what that means relative to a server's general security.
This means that, for example, even if you boost the core PHP/Apache system with tweaks that secure them, in the end, if your WordPress blog is using a plugin that uses a deprecated/old MySQL connection system (such as the 'mysql_connect/mysql_query model': http://us1.php.net/function.mysql-connect) without correctly "sanitizing" (processing) user input, your website will most likely be compromised at some point.
Unfortunately, without sufficient testing, it is very hard to predict if a plugin you install is vulnerable or not. You should only install plugins and themes from professional developers or enthusiast programmers that are following security practices that prevent the most common types of attacks.
Modern coding practices strongly advise filtering user inputs, which really helps to eliminate a lot of security issues, however some themes and plugins may still be written using the "old ways". This is very prevalent in the PHP world, as PHP is the most widely used programming language for web applications.
Protect Your Website
So, to help protect your website from getting hacked see our detailed 'What to Do If You're Hacked' article.
For more info, take a look at our guide to hardening WordPress: https://help.asmallorange.com/index.php?/Knowledgebase/Article/View/556/39/secure-your-wordpress.
See also What to Do If You're Hacked