Typical attack vectors for hacked sites are the following:
- Insecure file and folder permissions where write access has been given to publicly accessible files.
- Third-party apps (WordPress, Joomla etc) that have NOT been secured and kept up to date, including any add-on modules.
- Compromised Passwords for FTP, Control Panel or CMS etc that allow a hacker access to the hosting plan files.
- Compromised Mail accounts which may have emails with ftp/panel passwords saved or that allow hackers to request password resets from your host.
Tips for securing your site
Write permissions should only be assigned to files/folders that explicitly require write access and if possible they should be hosted below the websites root folder where they are not directly accessible by website browsers.
We offer security audits for a small fee and they can save you time understanding where your site may be lacking is security.