These days, the word ‘hacker’ is usually associated with images of menacing young people sporting creepy Guy Fawkes masks. The hacker community is much more diverse than most people realize, with talent ranging from exploit discovering ‘leet hacker’, to the annoying and sometimes more destructive ‘script kiddie’ (someone who uses other people hacks, but actually don’t discover any hacks on their own.)
Hacker’s motivations range from technical curiosity to simple theft. Others are interested in exposing security weaknesses or promoting political agendas, hacking is widespread and is only going to become more common. If you have your own website, especially one built on commonly used technologies like WordPress, the bad news is that depending on your plugins, exploits already exist, and are easy to find and execute. There are entire sites dedicated to providing this information, like this.
But it’s Wednesday, lets not start the run towards the weekend on such an anxious note, instead lets enjoy the results of the most entertaining hacking motivation, when hackers do it “For the lulz”. “‘For the lulz” is obviously doing something for its comedic value. A lot of time, these can be pretty gross, extremely offensive, and even straight up evil. But today we’re going to showcase 5 hacked website defacements that are totally safe for work, not too destructive, and at least somewhat entertaining.
#3. Reddit’s /r/gaming defaced to confirm Half Life 3. (If you don’t play PC games, you might not enjoy this one.)
This is in no way a criticism of the security practices of the aforementioned sites, it’s nearly impossible to stay completely ahead of a determined group of security experts, but you can minimize your WordPress site’s risk of compromise by doing some very basic due diligence:
- Use plugins sparingly, and do a little exploit research before you install.
- Keep your site and plugins updated as frequently as possible.
- Run a free scan on your WordPress site to find exploits or compromised files.
- Make sure your passwords are strong and stored in a safe location.
- Find a solid web host, the cheapest might not be the most secure.
- Sign up for a security package with the good people at Sucuri. They’ll monitor your site and clean it if it does get infected.
- BACKUP YOUR SITE REGULARLY!
Remember, a hacked website can happen to anyone and a developer claiming a site is unhackable should be laughed at. If you think your WordPress site might be hacked or need some help scanning for documented vulnerabilities, we’re here to help!