Security
Why business websites get hacked
The common causes — outdated plugins, weak passwords, bad hosting, and missing patches — and how Melbourne businesses reduce risk.
Need help with this? Talk to our Cyber Security team
It is rarely “random”
Most website compromises are automated scans for known vulnerabilities — outdated WordPress plugins, exposed admin logins, misconfigured S3 buckets, or stolen FTP passwords. Attackers deploy SEO spam, phishing pages, or cryptominers because the site is easy, not because you were targeted.
Top causes we see
Unpatched CMS and plugins, shared hosting with weak isolation, admin URLs without MFA, nulled themes, and form plugins sending mail without validation. DNS or registrar takeover from reused passwords is equally common and can hijack email as well as the site.
Signs you are already affected
Sudden traffic spikes, new admin users, unknown files in uploads, Google Safe Browsing warnings, or mail blacklisting. Compare your live headers and TLS setup with a site check — unexpected redirects or missing HTTPS often show up before customers complain.
Prevention that sticks
Separate staging and production, enforce MFA on hosting and CMS, auto-update where safe, use a WAF or CDN, and restrict file execution in upload directories. Rebuild on a maintained stack if you are fighting the platform every month — prevention beats repeated cleanup bills.
Related service
This is part of our Cyber Security service for Melbourne businesses.
Try it now
Run the related tools
Need a hand?
Run the tools. Then talk to us.
Use our free diagnostics to see what is wrong, then get Melbourne IT support for the fix.
Keep reading
More guides

Cyber insurance requirements for Australian SMBs
What Australian small businesses are typically asked before cyber insurance is approved — MFA, backups, email security — and how to prepare without panic.
- Why insurers ask technical questions
- Controls insurers commonly expect

Website security headers explained
HSTS, CSP and the headers that improve trust, SEO and protection against common attacks.
- Start with the basics
- Check what you already have