Understanding website hacks

Our beliefs about website security

REALITY – millions of websites are hacked every year.

  • Incoming payments reverted.
  • Sensitive information stolen for spam and identity theft.
  • Sites defaced with obnoxious ads.
  • Botnets set-up for malware and attacking other machines.

Hackers and bots keep getting smarter and more aggressive every year. Stopping them requires understanding of how hackers work…what they target, what they want, and how they get in!


WHY security is best implemented at the server level

Website security is best managed at the server-level! This is because hacking is not only a security issue but also a performance issue. Hackers use millions of bots to attack sites everyday. If your server cannot quickly deal with attacks, it will immediately get overwhelmed and go down. For this reason, it’s best to secure against attacks at the server level, since the server is higher-up in the network layers and can therefore deflect attacks more efficiently than at the software level.

Put it this way…who should ask for ID’s at the bar? The bouncer or the bartender? It’s most ideal if the bouncer does it since he runs the door. The bartender should be busy serving drinks and processing qualified users, not wasting time checking ID. Website security works in a similar way…its best if your let your server handle security (at the server level) and not wasting precious PHP processing power on security at the application level.



To be brief, we generalize all server/website attacks into 2 categories:

INTRUSION attacks:

  • When hackers enter your server to install malware and/or steal sensitive data.
  • They can also change data to show ads, backlink to their sites (SEO purpose), or divert your customers payments to their own account.
  • Some will even take over your site and charge you ransom to release it back to you.

DDOS attacks:

  • This type of hacking bombards the server with constant requests until it goes down.
  • It’s commonly used to attack government sites, religious sites, or even businesses.
  • It’s the equivalent of telling all your friends to call the local politician and tie up their phone lines so they can’t function.


HOW hackers get in

Hackers target usually either target at the network layers (data packets, delivery), server layer (operating system, Linux), or application layer (WordPress). NOTE: I am not following the 7-layer OSI model.