Most attacks on WordPress are not motivated by personal reasons. Targeted attacks, such as those on political websites, are very rare. In most cases, attackers are after other things, even when there is “nothing to gain.”
Shops store payment data, member sites have user accounts. This data — names, email addresses, passwords, payment information— can be stolen and converted into cash. On websites where user data is stored, the data is usually the target of an attack.
But what if there is no user data on the website at all? Does that automatically protect me against attacks?
Unfortunately not. Because it’s not just data that is of value to attackers.
Taking control of the website
Gaining control of a website is by far the most common motive for cybercriminals to attack a website. The goal is to gain admin access or server access. Anyone with access can insert malicious code.
Compromised websites are used to send spam emails, redirect users to phishing sites, or host malware. There are many ways to use a website for criminal purposes: gambling, pornography, fake shops, SEO spam (backlinks for other sites), affiliate fraud, and so on.
Search engine bots often detect malicious code on a website before the owners themselves do. The website is then classified as dangerous and the search engine removes the site from its index, marking it no longer accessible. Associated email addresses are also affected by such a block, they are blacklisted: All emails are marked as spam.
This can quickly result in quite extensive damage. Cleaning it up involves a lot of work. Without the help of a professional service provider, it is close to impossible for most website owners. Even if you detect and delete the malicious code, the attackers will almost certainly have left an open “backdoor” through which they can inject new malicious code at any time. Finding this backdoor is not easy. And there is no quick solution for rebuilding the site’s good reputation and search engine ranking.
At this point, it pays to have a reliable hosting company who takes security of their servers seriously: If malicious code is detected by your hosting company, they will take your website offline immediately. This way, you hopefully can avoid all the problems that come with being blacklisted.