/* Template name: single post */ Why would anyone want to hack my website?
1px-down 1px-left 1px-right 1px-up 2px-right 2px-left 3px-left block-l circle-down 3px-right pointy-l pointy-r circle-up sarg-left sarg-right tall-l tall-r thick-left block-r thick-right
contact hamiltro for the best website design contact@hamwebs.com

This is the question most people ask when their website gets hacked. They often have no idea what anyone would gain by hacking their website. They can’t imagine people hacking without a personal connection to them and they think the hack is something against them.

But it’s probably not. Big corporations may be vulnerable to being targeted, but for small to medium websites, the lure tends to be simply being able to use your hosting environment in a parasitic way.


Think of it like this: you have a house and you live in the above-ground part with electricity and running water and everything else you need up there. You also have a basement where you rarely go (I’m making this up by way of illustration; don’t worry if it’s not an exact description of your living situation). The basement also has electricity and running water. A small group of people who manufacture illegal addictive drugs find your basement unlocked and sneak in and start quietly manufacturing drugs down there. They’re hidden from the public, they’re hidden from the law and they can make drugs using your electricity and water—just as long as they’re very quiet and you don’t happen to go down one day and notice that there are things all over the place that aren’t supposed to be there.

That’s what it’s like having hackers get into your website. 


Hackers can get in by all kinds of means, including when:

  • You have used weak passwords, easy enough for someone with a password-cracking robot to crack (and especially if you have a user with a generic or guessable name like “admin”).
  • You have neglected to upgrade your website’s code or plugins.
  • Your host company has neglected to upgrade the server code base that your website runs on .
  • Your site has been accessed using an insecure connection that enables hackers to intercept the logins.
  • Your site uses plugins that allow zipped file uploads and downloads.


And how does anyone have the time of day to figure all this out to break into your well-intentioned website?

I remember when I first encountered a hack I had to clean up, I wondered this too. Then I encountered one of the hacks that, once it’s in your website, can replicate itself from within, even when you have re-secured the login access with strong new passwords (I’ve seen files reappear where I just deleted them, happening before my eyes). These are increasingly common—nasty things—and when they’re in a site, they can infect hundreds of folders full of files at once.

Which raises the next question: who has the time to code up these elaborate self-replicating hacks? 


There was an article in the New York Times at the end of 2023 which shed light on both of these questions. It tells the story of a person who was kidnapped and imprisoned in a forced labor camp in Myanmar where about 70 people were forced to work at online scamming. Apparently there are hundreds of thousands of people who have been trafficked into criminal gangs in South East Asia—many of them carrying out online scams.

The person at the heart of this NYT story escaped after seven months but by the sound of it, escape is rare. But the stories those who have escaped have shared give us the answer to the questions about who could have the time to do all this hacking. It’s probably not people with nothing better to do with their lives. It’s more likely to be people who are in bondage to criminals at a large scale.

And guess what? Your modest website is as good as any place to operate from if they can get in. So your hacker may be an individual, but a hack is possibly more likely to be the result of one of these criminal gangs.


Once they are in, they can do all kinds of bad things, including :

  • Host illegal content
  • Send spam emails from your domain
  • Mine cryptocurrencies using your processing power and bandwidth
  • Use your server as a base for spreading more malware to other websites
  • Inject spammy links to manipulate search engine rankings for other websites (which will harm your website’s reputation)
  • Collect sensitive information your users may enter on your website


So buckle up and…

  • Change your passwords. Change them to strong passwords like the ones you can generate here.
  • Logout all users after you have changed the passwords, just to be sure.
  • Keep your website maintained to the highest code-standards.
  • Make full backups often if you update your content often (and at least once a year, regardless).
  • Keep your backed-up files in a secure place that’s not your actual hosting environment (either in cloud storage or on a hard drive).
  • Install firewalls, malware scanners and intrusion detection systems (be aware, however, that if you install trackers to alert you to brute force login attempts the results of this can be as annoying as a security web cam that sends you an alert every time a cat or a squirrel goes by).

Then relax. You can keep hackers out if you do all the things. Just as you can keep intruders out of your basement.

How strong should my password be and what if I forget it?
What should I do about updating the website code and plugins?


    Leave a Reply

    Your email address will not be published. Required fields are marked *

Author: Rohesia Hamilton Metcalfe
I design websites and write about things people might like to know about websites and digital marketing.

More topics to explore


Search engine optimization strategies that used to work no longer do. Bloggers and many websites have been impacted and here's why...

Read More


Ethical and practical considerations for artists looking to protect their artwork from users of AI models.

Read More


Your website is where the public meets you. It’s your opportunity to make a great first impression that will bring success. You launch it with pride—but how much attention...

Read More

Need a bespoke website for better outreach?

Contact us