Blog Menu

I write and curate content for Bluehost. I hope this blog post is helpful.
Are you looking at creating a blog, website or an online store? Bluehost has something for everyone. Get started today.

Websites are powerful tools that can do a lot of good for your organization, but they can also expose you and your visitors to security risks. Four out of every five websites either have vulnerabilities now or have exposed their enterprises and visitors to malicious code, viruses, and other cyber-criminal activities in the past. And although everyone on the web should always be careful, business owners have an added responsibility to keep data safe and secure. Safeguard your site — and your customers — from the seven common hacks in this infographic. And spoiler alert: there’s a text-friendly version below.
Protect Yourself Infographic Final

  1. Cross-site scripting (XSS) attacks typically occur when hackers inject malicious code into an app in an attempt to pass the script onto unsuspecting end-users. Hackers construct a tripwire for visitors, using their malicious script to harvest credentials and personal information to impersonate known users.
  2. DDOS attacks disrupt a server’s ability to function normally. These attacks flood the server with legitimate requests beyond scaling capabilities until eventually the site crashes.
  3. WordPress attackers leverage code vulnerabilities or plugin weaknesses. Brute Force attacks — where hackers gain access by trying thousands of password combinations until they “guess” the right combination to access your site — are a known problem for WordPress websites. Once inside, they change permissions, inject malicious code, and disrupt the normal processes.
  4. Cyber attacks that focus on tricking visitors into performing a certain action like clicking on a button, entering specific information, or visiting target pages seek access to inject malicious content precisely where it will do the most harm. Social engineering attacks are very difficult to control.
  5. Clickjacking, where attackers use invisible or opaque layers to trick website visitors into clicking on a layer without knowing it, triggers a script or malicious code string.
  6. DNS cache poisoning diverts traffic from legitimate servers to fake websites — and servers — replicating itself from site to site or server to server.
  7. Symlinking involves a scheme where cyber-criminals breach a vulnerable site to gain root access to the entire server. Once they’ve gained entrance, they can potentially take down all the websites on the server.

How to Keep Your Site Secure
With so many different types of attacks, what can you do to protect your assets and your reputation?

  • Update all software and patches promptly. Software updates help eliminate known vulnerabilities.
  • Leverage operating system security features that support rigorous authentication protocol.
  • Implement password protection policies that include two-step authentication.
  • Lock private files and folders to limit access should a hacker access the network.
  • Be hyper-vigilant about which websites you visit, especially when surfing with administrative account credentials.
  • Post a privacy policy to inform consumers about what data you collect and what you intend to do with that data.
  • Deploy next gen firewalls, sandboxing techniques, and other advanced security protocol to protect both external and internal perimeters.
  • Download anti-spyware and antivirus software on all devices connected to your network.
  • Back up frequently and consider off-site storage.


  • Trust user input. Strip all HTML before passing along user input.
  • Click on links or attachments included in emails from unknown sources.
  • Click on pop-ups (including the close tab) from suspicious sources. Just back out of the page.
  • Use free downloads (unless you’re confident the source is trustworthy).
  • Shop on a site that doesn’t display SSL signals. Look for “https,” the tiny lock on the left side of the URL, and a green background in the address bar.
  • Provide hints that could help hackers guess passwords and usernames.
  • Collect unnecessary data that may be hijacked to implement an XSS scheme.

Dealing With the Aftermath of a Security Breach
If you discover that your website has been the victim of hackers or if an employee accidentally downloads a file infected with malware, immediately:

  1. Isolate the problem.
  2. Purge infected files and folders.
  3. Download tools to clean your files — remember only download from a site you trust completely or that trusted sources have recommended.
  4. Own up to the situation — without making excuses — to your customers as soon as possible. Explain what happened, tell them what steps they can do to protect themselves, and let them know exactly what you are doing to mitigate damage and prevent future events.

Creating a WordPress website with a strong focus on security is one way to build a solid reputation with your customers and site visitors. Make sure you choose a web hosting partner that takes your security as seriously as you do.

Learn more about Bluehost Editorial Guidelines