Why does one get hacked even after using a Security Plugin?
Even when a security plugin is installed on your website, there are multiple ways a hacker can still get access. With this unauthorized access, the attacker could damage your website, for example by redirecting your visitors to spam sites with viruses, injecting bad links into your site, or even deleting files.
Let us say you install a security system to protect your house from theft or burglary. Just because you have a security system, do you keep the doors, windows, or any other entrance to your house open? No, right? This has been our instinct, or what we have been taught since childhood: make sure all the doors and windows are closed to be safe.
It is the same for your website's protection. One has to ensure that all possible attack areas are secure. You might know how to lock up your home, but there might be some questions around websites. Let us learn some of the different ways a website might get hacked. This will give us an idea of how to protect it better.
Outdated or Vulnerable Software Components
If you have been using any outdated or vulnerable software components (CMS, plugins, themes, etc.), they might be the reason behind the hack. Attackers can exploit known vulnerabilities in these to bypass any web application firewall. Firewalls are not programmed to stop a vulnerability attack.
Shared hosting environments
Multiple unprotected sites on the same server without proper isolation can result in Cross-Site Infection. It is recommended that you protect each one of those sites. In addition, modify the file ownership structure, file permissions, etc. so that all sites are isolated from each other.
Missing Security Patches
We see a lot of credit card hacks on Magento sites. One thing most of them have in common is that they have many missing Magento security patches. We recommend you install all the security patches regularly to secure your website better.
Improper file/folder permissions
777 permissions on files and folders are exploitable. A permission of 777 means your files are accessible to the public. A remote user could write to or upload files and then trick the server (or some other process on your system) into reading or executing them. It is very difficult to lock down every single way this could happen if there are world-writable directories.
We strongly advise against using 777 as file/folder permissions. The recommended permissions are 755 for folders and 644 for files. Refer to this guide for more information.
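The check described above can be run as an audit before changing anything. The script below is an added example, not part of the original article or of any Astra tool; the function names and the sample web root it builds are constructed for illustration. It lists world-writable entries, lists anything looser than the 755/644 baseline, and resets only those entries.

```shell
#!/bin/sh
# Added example: audit a web root against the 755 (folders) / 644 (files) baseline.
# Function names and the sample tree are constructed for illustration.

# World-writable files and folders (the "other" write bit, as set by 777 or 666).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Folders looser than 755: group- or world-writable.
# $1 = web root; remaining args = find action (default: -print).
loose_dirs() {
    root=$1; shift
    [ $# -gt 0 ] || set -- -print
    find "$root" -type d \( -perm -0020 -o -perm -0002 \) "$@"
}

# Files looser than 644: group/world-writable, or executable by anyone.
loose_files() {
    root=$1; shift
    [ $# -gt 0 ] || set -- -print
    find "$root" -type f \( -perm -0020 -o -perm -0002 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \) "$@"
}

# Reset only the loose entries, so stricter modes (e.g. 600 on a config file)
# are left alone. Review the audit output first: an application that relies on
# group write access will need its ownership fixed instead.
harden_perms() {
    loose_dirs "$1" -exec chmod 755 {} +
    loose_files "$1" -exec chmod 644 {} +
}

# Constructed sample web root: one 777 folder, one 666 file, one 775 folder.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads" "$d/cache"
    : > "$d/index.php"; : > "$d/wp-config.php"; : > "$d/uploads/photo.jpg"
    chmod 644 "$d/index.php"; chmod 600 "$d/wp-config.php"
    chmod 666 "$d/uploads/photo.jpg"
    chmod 777 "$d/uploads"; chmod 775 "$d/cache"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
echo "World-writable:"; world_writable "$demo"
echo "Looser than 755/644:"; loose_dirs "$demo"; loose_files "$demo"
harden_perms "$demo"
echo "Still loose after hardening: $( { loose_dirs "$demo"; loose_files "$demo"; } | wc -l)"
rm -rf "$demo"
```

On a real site, run `world_writable` and the two `loose_*` functions against the web root first and read the list before calling `harden_perms`.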
Compromised Admin accounts/passwords
If any of the admin account passwords are known to the hacker, they can easily log in to the backend and perform malicious actions. Ensure no admin account is compromised on your website.
Improper implementation of WAF
The Astra Firewall comes with different features, the most powerful of which is the ability to whitelist parameters, URLs, etc. If a suspicious URL is whitelisted, the firewall would not be able to monitor any activity from that URL. This essentially means the attacker can upload a malicious file to a page.
Restoring from infected backups
Websites are often backed up daily for use in a later emergency. Sometimes website owners restore a previously infected backup and thus end up with an infected site. Firewalls play no protective role in this case.
Rogue developers/third-party access
We have seen cases where a site developer went rogue and placed a backdoor in the site. In other situations, someone with physical access to the developer’s system or other such important devices can also harm the site. Firewalls cannot possibly protect you from this.
Business-logic Vulnerabilities
Security vulnerabilities such as business logic errors and others can aid an attacker in hacking a website. While a WAF can stop attacks that try to exploit many such vulnerabilities, it is still recommended to have a [security audit](https://www.getastra.com/vapt/website-vapt) done on your website in addition to the firewall.
Weak passwords
One of the biggest risks is the usage of weak passwords. More often than not, web owners overlook the importance of creating and using safe passwords. An attacker can easily brute force or guess these and get access to the user's or admin’s profile. Refer to this guide to learn more about how to create a strong password.
Improper CMS configuration
Improper configuration of the CMS can sometimes result in giving privileged access to unauthorized users. For example, new users in WordPress get added as Admin instead of Subscriber.
Phishing
Phishing is a widely used trick to fish for sensitive details. Hackers can use phishing to get privileged users such as admins to enter their passwords on fake pages and thus obtain backend access.
Open ports (SSH, FTP, Database)
Insecure open ports can let attackers perform attacks that bypass web application firewalls.
Usage of plugins that are no longer supported
Using plugins that are no longer supported also poses serious risks. This can result in the exploitation of unpatched vulnerabilities by hackers. For instance, the Yuzo Related Posts and Rich Reviews plugins are no longer supported and are vulnerable.
Note: The reasons why a website could get infected even if it’s running a firewall include, but are not limited to, the above.
Note: If you are a WordPress user, you can eliminate most of these vulnerabilities using a single plugin: WP Hardening by Astra. WP Hardening is a security audit and fixer tool for WordPress. You can secure 12+ security areas on your WordPress site with this plugin.
Updated on: 25/05/2022