Experts agree the majority of websites out there are prone to getting hacked into. Why is that? There are a number of vulnerabilities that exist which can make your website insecure. Let’s take a look at 5 primary reasons a website is prone to being compromised.

Reason 1: Poor Passwords

Many of us find recalling passwords difficult, so we tend to use simple ones as a means of remembering them. This is a big mistake and one which can put your website at risk. A weak password leaves a website vulnerable to brute force attacks. Hackers simply try easy-to-guess passwords to access a website. Surprisingly, a report from 2011 found “123456” to be one of the most common passwords. How long do you think it would take a hacker to force their way into a website “protected” by that password? Not long at all. Unsure if your password is a strong one? Visit the Password Strength Meter to find out.

Reason 2: Insecure FTP Connection

Standard FTP protocol is unsecured. FTP sends usernames and passwords unprotected which leave your website vulnerable. Consider switching to a more secure solution such as SFTP which uses SSH protocol or FTP(S) which uses SSL for encryption for better security.

Reason 3: Server Level Vulnerabilities

Some web servers run vulnerable FTP software that can be hacked. Security holes can form. If they are not fixed promptly, hackers can attack. Most hosting companies offer enhanced security features, such as SiteLock, that should be utilized. Consider adding these features to your account for a more secure website.

Reason 4: Web Application Vulnerabilities

Be vigilant when it comes to checking your website frequently for outdated software and malicious code. Running outdated applications puts your website at risk. WordPress releases updates regularly. When an update is released, WordPress announces the issues that were fixed from the previous version. If your website is not running the latest version of WordPress, hackers can easily find out what makes your site vulnerable and attack it. Staying on top of updates is key to protecting your site from an attack.

Reason 5: Third Party Add-Ons

Third party add-ons are popular because they add functionality to a website. From contact forms, to galleries, to social media widgets, third party add-ons are commonly used to jazz up a website. But, depending on the author of the plugin, code may include vulnerabilities. One way to avoid these vulnerabilities is to be as vigilant as you are with WordPress updates and keep these plugins updated.

Now that we know a few ways to protect our website, the question remains: Why does anyone hack a website? You may be surprised to learn that in many cases attacks are automated. It’s believed that it’s not one individual trying to intentionally hack your website. Instead, it’s merely coincidence and bad luck. Your website is randomly caught while a bot cracker scans the web. Targeted attacks tend to be reserved for larger businesses, such as the NBC attack in 2013 and the more recent Forbes attack. But why? There can be money made in these attacks. Often times, the hacker is protesting a political or a religious agenda. Sometimes, they are looking for bragging rights. But in many cases, it’s sheer boredom which leads hackers to attack. It’s your responsibility to make sure your website is as secure as it can be. Following these tips won’t completely eliminate the risk of an attack. But they will reduce the risk.