First, let's answer the question, “Why do hackers hack?”
The vast majority of serious hackers are motivated by profit, to make (steal) money.
A minority are motivated by politics, to further a cause or make a statement. And a few just enjoy the challenge and malicious fun.
But why would they be interested in your small, innocent website?
Except for a few “high profile” cases that we read about in the news, hackers by and large are indiscriminate. They are not personally looking at each website. Instead, they send out legions of “bots” . . . bits of code that scour the internet looking for vulnerabilities in websites.
This scouring and search for ways in to sites is relentless. It’s not uncommon for a simple site to be hit scores, if not hundreds of times a day. Usually the bots find nothing and you never know of the attempt. But the pro-level hackers keep themselves informed and as each new vulnerability is exposed, they send out legions of new bots to break in before the holes are plugged.
But why my site, it’s got nothing important?
Remember, the hackers are indiscriminate and the work is being done by bots. At the first stage, they’re just looking for any way they can find to break in. Once in, there are a number of things that might happen. Some you may never know about, others are obvious.
Here are a few reasons hackers might want into your site.
1. Steal information – many sites contain usernames, email addresses and passwords. Some may even contain credit card or other more valuable information. All valuable stuff to a hacker
2. Secretly use your site to infect the computers of visitors. Remember, most malware is spread via the internet. Hackers may plant a bit of code that you never see, but when someone visits your site and attempt is made to infect the visitors computer . . .and thus gain access to all their info. There has even been a rise in infections that encrypt a computers whole hard disk, demanding a ransom to unlock it for the computer owner.
3. Redirect your visitors. I’ve cleaned up several sites where this has happened. Visitors who want to see your site are redirected to porno or other sites.
4. Commandeer services. They may use your site to send out spam email
5. Find a way into your hosting company servers. In this case, when it happens they can often gain access to all the sites on the hosting server. This can easily be hundreds of sites. There have been several cases of large, well known hosting companies being hacked into and thousands of sites they host being infected.
6. Other reasons. There are many other reasons, generally less common but still real. The above however should be enough to convince you why your site might be a target. They may not be interested in your site at all, they just want to use it as a “doorway” to bigger fish.
Reality is that having good solid protection on most sites is not that difficult, but people either don’t take it seriously or are lazy. I understand that you personally may not know how to protect your site, but that is not an excuse. There are plenty of options out there.
Think of a good security pack as both precaution and insurance. When you leave your house, you lock the doors. You don’t leave the keys in your car or doors unlocked. You keep insurance on your home, your car, your business . . . .
Restoration of a hacked site is expensive, if your site has been blacklisted because of a hacking it can take weeks if not moths to earn back it’s “safe” status. Most people don’t take website security serious until they’ve been hacked; by then the damage is done and the expenses add up.
We offer a rock solid security pack for your website. You can read more here WordPress Site Security. Whatever you do though, take security seriously before you wish you had.