The most common reasons for a hacked (defaced) website include:
- Outdated web application. Every popular web application (Joomla, WordPress, PhpBB...) has had security problems and that's why you have to use always the latest version.
- Outdated web application extension. If you have installed any third party extensions, you have to keep them up-to-date just as you keep your main web application. Very often users neglect this fact and outdated extensions become easily exploited by intruders.
- Weak user/administrator passwords. You must ensure that all users have strong passwords, especially the admin and the ones who can create content to your site.
- Infected local computer - some computer viruses/worms are known to steal FTP logins and after that add malicious code to web files. For this reason, make sure to have an updated antivirus software and scan your computer for viruses regularly.
If your account was hacked, please be sure it's not related to server security. Our servers have advanced security modules (such as Apache mod_security, Suhosin PHP hardening, PHP open_basedir protection and others) and no more accounts were hacked on the same server, which would most likely show, that the issue would lie in your website.