Why Hackers Attack Insignificant Websites?

why hackers attack insignificant websites

A lot of people who have websites are shocked to discover that they’ve been attacked by hackers – why would they bother?

The first step is to realise that these attacks are automated and they’ll pick out any unprotected site – it’s not personal. Once a site has been hacked, malicious software will either carry on doing whatever it’s been told to do or report back to its masters.

The things that can be achieved include:

  • Misusing data stored on your site

  • Accessing the processing power of your hosting server to spread spam or more malicious software, or to engage in cyber-attacks
  • Hosting malicious files and content
  • Exploiting your traffic to increase visits to malicious sites

It’s worth remembering that WordPress websites are very often stored on shared servers and complex software can gain control of those servers. This has become a bigger problem since the advent of cryptocurrencies that can be mined, like Bitcoin and Monero. Criminals now abuse web servers to mine for themselves or sell them to other miners.

Phishing scams

A hacked website can be used to put up a phishing page – a replica of a page from another company. It’s usually an online service, a shipping site or a financial institution like a bank or PayPal.

The page is then linked to from spam emails in an attempt to lure unsuspecting victims to the page. If they log in, they’re giving the criminals their username and password, perhaps other information like contact or bank and credit card details. These are used or sold on to other criminals.

If your site has a good reputation then it is more valuable as it may get around safeguards like Google Safe Browsing.

Spam page hosting and bad links

Other pages and links can be added to your site that point to shady sites like escort services, payday loans and others. These will exploit your site’s good reputation too, improving the SEO results for these sites.

These pages are often injected when site owners unwittingly add WordPress plugins that criminals have bought and modified to included malicious functionality. One such project that Wordfence unmasked involved nine plugins and had been running for nearly five years!

Spam email senders

Malicious software can also activate and run the mail server software that’s present on web servers without your knowledge.

Eventually, your IP address will be blacklisted by ISP’s and the spammers will move on. In the meantime, you’re blacklisted, which could cause all sorts of problems.

Co-ordinated attacks

Once a system has been compromised there’s really no end to what can be done with it. Often compromised sites are linked together into a ‘botnet’, which can be sold to people who want to achieve certain ends.

That might include setting up cryptocurrency mining operations or launching malicious attacks on other websites. Your site might also be used to host malicious files that are used in these attacks.

Valuable site traffic

If you’re attracting a lot of visitors, the motivation for the hacker may change. It might be defacing your site to spread a particular message or to attack you, if you’ve somehow offended them.

Malicious redirects can send your visitors to bad sites without your viewers even clicking on a link. Those sites can host malware that infect their machines as well as spreading it to other servers. Ransomware, in particular, is distributed in this way.

All of this can hurt your reputation among your visitors, as well as your digital reputation.

Protect data

Just because you don’t sell anything or take credit card details doesn’t mean the data you hold on site visitors isn’t useful to hackers. Personal information may give hackers clues that allow them to unlock other sites that your visitors use.


It’s clear that hackers aren’t just interested in big fish – minnows have plenty of attraction too. If criminals can break in, they will happily find a way to monetize it.

Thankfully, you don’t need to be a security expert to keep your site safe. With some basic knowledge and Wordfence Premium installed and configured correctly, that should keep the hackers away.

If for some reason you do not want to purchase Wordfence Premium, you have the option to install the free version which offers very impressive features such as web application firewall, block brute force attacks, malware scanner and being able to view blocked intrusion attempts and much more!

Have you been hacked?

When your website has been compromised it is extremely important to restore it to working order as quickly as possible and also to inform Google that the website has been cleaned to keep your SEO intact. Contact Baldwin Digital today for a quote and let our team take care of it for you professionally.