Question
How was my site compromised? Is there a security issue within the cPanel & WHM Software?
Answer
The most common way that websites get hacked or defaced is through insecure plugins, themes, or components in various CMS software (such as WordPress, Joomla, Drupal, etc.).
While the CMS itself is very secure and any security issues are usually patched very quickly, the underlying plugins and themes are often not updated, or even checked for security issues.
The second most common method is a trojan installed on the customer's main computer that steals passwords. When that customer logs in to his or her cPanel page or uploads changes via FTP, the password is sent to hackers, who then start using it.
You may be wondering what motivation hackers have for hacking into a website.
There are three main reasons:
- They want to use it to send out spam or phishing emails.
- They want to gain access to your data, mailing list, credit card information, etc.
- They want to gain access to your site and cause it to download malicious software onto your end user’s machine or they want to install malicious software for use on your site.
Malicious software can be installed for use on your website, and it can be installed in a way that your users unknowingly end up with things installed on their machines.
One typical use of this kind of attack is to enable larger-scale attacks. It takes a ton of machines to do a proper Denial of Service attack. Your hacked site might be one of them. Or maybe the hacker is targeting another entity and is using your website (or your users’ personal computers) as intermediary points for their own personal security.
Why do hackers target WordPress specifically? The short answer? Because it’s very popular.
Put yourself in the mindset of a hacker for just a second. If you want to take over a lot of websites for your own nefarious purposes, are you going to spend all of your time trying to find vulnerabilities on a platform used by 500 websites, or are you going to try to break the platform with hundreds of millions of sites? Because WordPress is so widely used, it’s an incredibly popular target for hackers.
As I mentioned earlier, the WordPress main code is actually very secure. But you can make it more secure just by following some simple practices, such as not having a user called admin and moving your wp-config.php file up one directory, out of your public root. You don’t even have to change any settings to do that, because WordPress looks for it there automatically. WordPress has a great article here: Hardening WordPress
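
To check the wp-config.php placement described above, the following added example (not cPanel or WordPress code) mirrors the lookup WordPress performs: the install directory first, then the parent directory, which is skipped if it holds its own wp-settings.php. The function names and the world-readable permission check are assumptions of this example, and the path in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example: audit where WordPress will load wp-config.php from.
# Mirrors the lookup in wp-load.php: the install directory first, then the
# parent directory, but only if the parent has no wp-settings.php of its own.

# Print which wp-config.php WordPress would use for the install in $1:
#   docroot:<path>  parent:<path>  none
wp_config_location() {
    root=${1%/}
    parent=$(dirname "$root")
    if [ -f "$root/wp-config.php" ]; then
        echo "docroot:$root/wp-config.php"
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        echo "parent:$parent/wp-config.php"
    else
        echo "none"
    fi
}

# Succeed if file $1 is readable by "other" (mode bit 004 set).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Report findings for one install; returns 1 if anything needs attention.
audit_wp_config() {
    loc=$(wp_config_location "$1")
    rc=0
    case $loc in
        docroot:*) echo "WARN: ${loc#*:} is inside the web root"; rc=1 ;;
        parent:*)  echo "OK:   ${loc#*:} is above the web root" ;;
        none)      echo "WARN: no usable wp-config.php for $1"; return 1 ;;
    esac
    if world_readable "${loc#*:}"; then
        echo "WARN: ${loc#*:} is world-readable"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /home/USER/public_html   (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_wp_config "$1"; fi
```

A "none" result after moving the file usually means the parent directory contains another WordPress install, in which case WordPress will not pick up the relocated file.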