How Do Websites Get Hacked?

Wordpress Security Management

Google blacklists around 10,000 websites every day for being hacked, removing these sites from their search results. But why? Because these sites are now setup to download malware to visitor computers, exposing them and the things they then access online to countless problems.

The Truth About How Websites Get Hacked

Website security boils down to how the site is managed! If you let a website sit without proper security support then its’ odds for being hacked are multiplied. In fact, security is necessary with any software online and what follows will serve as necessary information for why WordPress outperforms all other website solutions! When it comes to security concerns with WordPress the issue is more upstart website solution companies trying to discredit it as a competitive tactic then any weakness. WordPress is, after all, the dominant market share solution for business websites making it the target. 

Why is WordPress the website solution leader, ‘open source’ or proprietary?

To start, it is without rival for choice of sophisticated theme (= design) or plugin application (= functionality) choices. WordPress, due to its unified worldwide support, also identifies vulnerability to hack faster than any other solution ever has or could. Versus proprietary content management (CMS) solutions, ‘the power of many’ vested interests proves to be better faster! And unlike proprietary solutions that prioritize their own business first, WordPress allows a marketer to OWN its’ website and accumulated digital web footprint. A marketer is never trapped and can move her website from host to host whenever needed.

Month over month WordPress creators (i.e. plugin application, website theme and core WP code) deploy updates, which may include new features or security updates AND so it requires some management. Often that’s a simple click of a button, but in some circumstances help is necessary. If so, there is never a lack of WordPress support and a timely manageable fix! Themes and plugin applications should be researched, for instance via the WordPress Codex and Envato marketplace. Both offer in- depth reviews, commentary and vetting for a ‘best case scenario’ when searching any business website requirement. Needless to say, Kinetic Knowledge supports general management, development, design and website security for hacked WordPress website owners. 

On WordPress Security: Matt Mullenweg, co-creator of WordPress

“As the most widely used CMS ( Content Management System ) in the world, many people use and deploy the open source version of WordPress ( WordPress.org ) in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.”

How To Avoid Being Hacked

At least for WordPress users, which is the lion’s share of business websites on the World Wide Web today, management should understand this ever- emerging threat of hacks including:

  • responsible local computer use, so the PC itself doesn’t become the vulnerability;
  • sincere respect for protecting usernames & passwords, encrypt them with non- dictionary based words and include a combination of lowercase & capital letters, numbers and/ or symbols;
  • knowledge for what different host & service packages do and do NOT offer; cheap shared plans won’t support much; whereas, a good managed host plan may;
  • prioritized attention for WordPress upgrade(s) execution;
  • (equally) prioritized attention for plugin application and theme upgrades;
  • a VERY conservative approach for what 3rd party applications are allowed into the website, DO NOT just load up every cool thing that comes down the pike;
  • protective software like, for instance WordFence, that protects in real-time by blocking identified attacker IP addresses from WP websites all over the world;
  • protective software that perpetually scans for Malware, Viruses and security vulnerabilities; that also helps to remove it and a reliable firewall AND THEN FINALLY
  • HT Access protection to lock out any outside access to particular files in the website’s database.

As mentioned above, we support hacked WordPress website owners

Website Hack Types

Sometimes the result of a website hack is

  1. the site is taken over and used to promote drugs, porn’ or other things via ;
  2. the site’s host is used to generate email SPAM which also typically gets the domain blacklisted;
  3. a page that has subtle maybe hidden links placed, links no one would knowingly add in their own pages, AND
  4. worst case – the website is used to load malware on to all visitor computers.

Hacked Website Warnings By GoogleGoogle Chrome Hacked Website Warning

Even more troubling for business owners, when Google (because it crawls all websites) identifies a hacked site its’ Chrome browser will discourage anyone from visiting it with big red warning signs. “This site may download malware to your PC, advance at your own risk!” is basically the message. Even worse, Google shares their ‘hacked website list’ with most other browsers too, so no one should expect to slide by with the folks coming in from Safari or Firefox either. And truthfully, thank goodness for Google’s efforts … or we’d all be in a lot of trouble.

Kinetic Knowledge offers WordPress Host Management services that can help service & protect against these very issues.

Revolution Slider: Widely Used WordPress Slider Plugin Application Hacked!

The Revolution Slider application for WordPress was temporarily unsafe a few years back and rumored to have allowed over 100,000 websites to be hacked. While it was fixed and the upgrades were released rapidly, people should know that its’ upgrade management in most cases did not come rapidly if at all … AND THAT WAS USER ERROR! WordPress was not the problem, and while the plugin was a temporary problem, the longer term problem is the site owner that fails seek out WordPress support that manages updating. Anything less than thorough software management nowadays is a big potential problem.

NOTE: The web and its great tools are advancing with or without us! And folks, typical “shared host plans” DO NOT update or manage your website software! $10- $25 a month likely doesn’t cover that kind of support.

We Support Hacked WordPress Websites – Business Website Hacked | Business Website Cleaned

Hazardous MaterialsWhile we see it quite often nowadays, more recently a company approached us about their (GoDaddy shared host plan) WordPress website. They were in a state of emergency because the site had been hacked! And to add insult to injury, Chrome (Google’s browser) was warning all visitors to avoid their Malware infested site … OR risk personal harm. A little looking around showed the website was a year or two behind on its core WordPress updates, including updates to a particular plugin known to have a massive vulnerability ( i.e. Revolution Slider ). The site’s management had been poor and, as a result, it had been identified as vulnerable, hacked and loaded up with malware!

The addition of malware detection software, a series of WordPress & WordPress plugin upgrades, the removal & replacement of the before- mentioned slider application and then a series of scan projects allowed for this website to be rid of its’ malware. The site was then both submitted to and accepted by Google in good standing, which happened quickly. And for this company, it was a temporary traffic & sales death penalty not to mention a completely nerve- racking experience.

Believe it or not, it happens every single day. Microsoft, Twitter, Facebook, Drupal, NBC … the list goes on … have all been hacked! Unfortunately, it may be happening to you right now and you just don’t know it yet. These hackers deploy bots to crawl the web and look for vulnerabilities in website, database or application(s) code that allows for invasion with their malicious code. All day long these nefarious bots crawl the world wide web and search for these vulnerable websites. When, for instance, a vulnerable application is identified they pounce… so unless you wish to manage it, best to look for Specialized WordPress Management Host Services.

Understanding WordPress For Business

With websites what a business uses not only matters, but determines how much control they will truly have! A business does not ever want to be trapped and that is a typical scenario with proprietary website and free solutions. It’s why it’s important to understand what WordPress can offer a business. Certainly knowing there are cost effective solutions for any application or design element is a relief; how about endless options for support and an ability to build web footprint references, links and citations without any interference! No business should be held hostage, which is why it helps to understand WordPress!

The WordPress Options

WordPress Services For BusinessFor business owners we think it’s incredibly relevant to understand the above, so this post breaks down how WordPress works and is supported. To begin it’s best to know the WordPress use options, which include:

1) Create a free website or blog via WordPress.com, which offers free hosting only if you use a subdomain URL of WordPress ( i.e. http://www.YOUR_NAME.wordpress.com )

2) Download WordPress.org software and host a user owned & controlled website via any user owned domain ( i.e. http://www.YOUR_NAME.com )

3) Hire an independent programmer to set it all up for you OR

4) Hire a comprehensive WordPress setup, manage, maintain and regular upgrades support or Webmaster Host serviceincluding for ongoing support.


Context for how WordPress and its’ open source community of programmers work together to provide what is the leading solution for business websites worldwide. In fact over 60 million and 27% of the entire worldwide web choose WordPress based upon what follows!

How WordPress Open Source Software Works

Officially there are two versions of WordPress software, each mentioned above. WordPress is managed by a core development team of experienced individuals and it is also supported by a committed international community of independent ‘open source’ programmers & designers. The core development team manages software updates, which include feature improvement as well as any potential code vulnerability. The ‘open source community’ backs them up with immediate knowledge and support for improvements and bug fixes as well as an elaborate choice for plugin applications or design frameworks (themes, templates). The plugin applications or design frameworks are mostly paid- for solutions, understandably so considering pay supports the incentive to participate at a level of quality the discerning business requires. Simply put, there is no other solution with the depth of support and the no. of design & application options. Website and web footprint ownership makes WordPress the undeniable world leader for business. 

Open Source Software Defined

Open Source Software could be summarized as software that harnesses the collective knowledge & experience of many in order to support its’ ongoing advancement. Specifically, software source code is made available by someone (in the case of WordPress via a copyright license) that permits collaborative use, change, improvement and even modified redistribution. Many believe it’s the best way to manage software development because of how (assuming the support environment is committed) the ‘power of many’ can collaborate to enable rapid fixes, improvements and fine tuning.

By no means should we write off proprietary software because there are potential pitfalls! For instance, lots of people contributing to software code doesn’t necessarily guarantee a good thing. Like anything, without a hierarchy and good management things will go wrong. No one pays the ‘open source community’ to participate with WordPress; however, the core development team does manage what ultimately is and is not used. They are paid, likely, from what WordPress.com generates in upsell option’ revenue. In fact, studies have shown that open-source software has a higher, quicker flaw discovery turn around than proprietary. And let’s face it, even Microsoft has had their issues.

how wordpress advances by kinetic knowledgeWhy Do Developers, Programmers and Designers Participate With Open Source WordPress?

Why would so many great programmers and designers participate in something like the advancement of WordPress? Or to be specific, WordPress.org. 

From the core development team you have WordPress software code, which is managed and advanced via use in the WordPress.com environment. From that experience WordPress.org sees regular upgrades to its’ code. Simultaneously the ‘open source community’ produces paid- for themes [framework designs] and plugin applications for virtually any imaginable need. It’s the opportunity to sell these solutions to WordPress.org users that offers them an incentive to participate in bug fixes, random advancement challenges and/ or in defense against the random hack. The core team allows the ‘open source community’ to see what is coming down the pike update- wise. The community is then both encouraged to offer input and it gains insight for how to update their various themes and plugins.

Again, WordPress software is the core team’s full time paid job; whereas, the open source community of talented independent programmers & designers offer both support and paid- for theme designs and plugin applications. They do it part for the love of WordPress, part because their work may serve as recognition for a unique programming skill and part because it affords them an opportunity to be on the leading edge of paid- for WordPress solutions. Other words, it’s virtually free advertising and/or they do it to sell things in what has become a huge managed WordPress marketplace! Imagine it: build something great, form a successful business to sell it in a thriving marketplace and do it all without the need to borrow money. 

WordPress Website Business Requirements And Support

Understanding How WordPress Works | Kinetic Knowledge

As a business it’s important to understand all of the above. It’s also relevant to know that where there was once a lack of formal (open source) theme or plugin evaluation there is now! We recommend evaluating any WordPress theme or plugin in Theme Forest where there are public reviews, Q & A forums, ‘update timeliness information’ and visibility for how supportive the developers truly are. To demonstrate, consider this early on business scenario and how it should NEVER be a concern thanks to Theme Forest:

“I’m not familiar with what the protocol is for these matters but…many WP users have installed themes by XYZ. She has stopped updating her themes and her former website is down. I have tried contacting her w/o success. I was wondering whether protocol permits another theme developer to support the thousands of WP users who have these wonderful themes. Many of us hope they won’t be abandoned.”

Let’s face that it can be a miserably frustrating experience when something breaks or doesn’t jibe… and it happens with any software! Business people are often too busy to keep up with the development of software, not to mention vetting a developers’ reliability. In the long run it can pay to have experienced WordPress Webmaster Support and we’ve been providing it for 15 years now. And by the way, serious companies like CNN and Dow Jones deploy WordPress… and they hire good help.

Modern Mobile Website Effects Distinguish Brands!

Creative WordPress Website Effects Help Distinguish Brands



New modern mobile ( WordPress ) website effects, including video roll / rotating gifs, drop shadow headers, scrolling parallax images, full to boxed width displays and various others can go a long way towards impressing the average visitor and distinguishing your brand from the competition.

Why Is WordPress Better For Business Websites?

WordPress Websites For BusinessWhy Is WordPress Better For A Business Owner?

Often a business owner will approach us with a broken WordPress website. “Why is my website broken? What has or has not been done to cause this? Can you fix it and avoid these problems in the future? And the answers need to be explained in ‘layperson terms’ so that even the least tech’ savvy business owner can feel informed & confident. After all, for a business serious about its’ marketing, all that is at stake is the health of a brand, its’ ever- growing web footprint and money.

A WordPress website is, essentially, a collection of folders and files that you can own, control and move host to host without undermining web footprint, but it also has to be managed month over month. 

WordPress.org is software managed by thousands of people invested in its survival (= open source software) AND NOT its direct profit (= proprietary software). If these managers make a living from WordPress it is first because the core software advances and survives. They can then offer services that add value for a fee. Versus a proprietary solution, which more often than not prioritizes its’ own profitability before it does the value of the software to another, it makes a world of sense. In many ways it has been a best case scenario for a business interested in having control over the long term direction of its’ brand. Virtually limitless pre- coded affordable application options is also a unique advantage stemming from its status as open source.

And so over the course of 15+ years this ingenious, but intuitive content management system has emerged as the go- to website solution for serious marketers. WP doesn’t come without challenges and as above it must be managed & updated, but is anything of value to so many ever simple? As of April 2017 it is believed to be responsible for 27.8% of all the world’s websites.

WordPress Folders Defined

At its base there are three folders that work together, but have specific purpose. These include the wp-content, wp-admin, wp-includes folders.

I.) The wp-content directory folder is where a websites’ actual content lives, for instance it might hold plugins (i.e. functional applications like contact forms or e- commerce), themes (i.e. design framework), uploads (i.e. PDFs and images), etc. When WordPress core is first installed wp- content has nothing except maybe a basic default theme. It is the only folder that is constantly edited and so when core WordPress upgrades come, this folder goes untouched. Not to say that plugin applications and themes do not get their own upgrades because, in fact, they do and nowadays customization should be managed within documented parameters. Plugin application and theme updates often follow the core WordPress updates, and may conflict if theme or application customization was done outside set parameters. To be thorough here, when we say “WordPress core” we mean everything that is NOT in the wp-content folder. The setup makes upgrading core WordPress relatively easy because content and design remain separate from that framework.

II.) The wp-admin folder houses all the functions of the administrative panel of a WordPress site. It’s where one accesses the inner workings of WordPress, for instance to create or update a user account, a page, a blog post, etc.

III.) The wp-includes folder contains a bunch of function folders that make it all work. It’s where the meat of core WordPress code lives. These folders have a ton of classes and functions, that for instance enable a WordPress website to have a theme that can be designed or developed. It is all loaded before the theme so all themes can then have access to these classes and functions.

WordPress Files Defined

At the base or root level there aren’t many notable files; however, maybe the most important file in all of WordPress does and that is the wp-config.php. This is where the website’s base configuration code lies, such as its database connection information. When people try to hack a WordPress website they start here in order to try and access that database. Wp-config.php is also the only file one might or even should ever edit that’s not of the theme. The rest of the most important files end up in the actual theme itself. These might include:

  • style.css – file holds all the CSS ( cascading style sheets ) for theme(s) and theme info (name, author, version, etc.)
  • index.php – fallback template for all content
  • single.php – template for a single blog post
  • page.php – template for a single page
  • page-{templatename}.php – template for a different type of a page, maybe for instance without any sidebars
  • home.php – template for the front page
  • header.php – template for all header info and navigation
  • footer.php – template for all footer info
  • sidebar.php – template for a sidebar of the site
  • functions.php – where all theme functions live
  • comments.php – the comments template
  • 404.php – template displayed when a URL can’t be displayed

And while the definition of its files & folders, or its ingenious setup, may not be the most exciting thing to understand; what is especially great about WordPress for the business owner is they can not only continually grow an online presence over time, unencumbered with almost unlimited options for advancement & change, but own it all outright!