Discovering your website has been hacked easily ranks as one of the least enjoyable experiences associated with running a website. Depending on the type and extent of the hack, the cleanup process can be quite lengthy and costly, but many sites can be cleaned up very quickly. Of all the questions that arise when this happens, users are often left asking:
1) How did my site get hacked?
2) Why did my site get hacked?
3) What can we do to prevent it happening again?
These three questions are often intrinsically linked and the answer depends significantly on the site’s setup and the type of attack. In this three-part guide, each of these questions will be looked at in turn. The following assumes that the site is running on WordPress, but the principles are the same for most other popular CMSs.