Over the past few years there has been an increase in cyber-attacks and data security breaches – a concerning trend that seems set to continue. Close to home, companies like Medibank and Optus have suffered significant attacks, amplifying the need for online security measures. However, the vulnerability to these attacks extends beyond just large companies – every website on the internet can be at risk of hacking.

In this article we will explain the motivations and methods behind website hacks, and what we do here at SWiM to keep your website safe and secure.

Why do websites get hacked?

The main reason websites are hacked is for financial gain. Hackers can gain large sums of money by targeting even small businesses. Some ways include:

Data Theft: Hackers steal your data to orchestrate scams, commit identity theft and fraud, and on-sell it on the dark web.

Spamdexing: Hackers insert keywords and spam content into your website to act as ads or links for monetary gain.

Malware Injection: Hackers implant malware into websites. This malware can then extract sensitive data, demand ransoms, or even spy on users.

Why do hackers target WordPress?

While all CMS platforms are vulnerable to hacking, one of the reasons WordPress is targeted by hackers is its sheer prevalence (43% of all websites on the internet!). WordPress also needs to be armed with security measures, and unfortunately many people neglect this. This combination of factors can make WordPress appealing for those with malicious intent.

The impact of your website being hacked can be enormous, with consequences like loss of data, reputation damage, and legal ramifications. Don’t be alarmed though! Armed with the right security practices, your website is well protected.

How does SWiM keep my website safe and prevent hacking?

At SWiM, we understand that security is at the forefront of your mind. This is why we encourage having dedicated security practices in place for every website. We use a variety of industry best practices to safeguard your website:

On Our Systems


1. Secured Hosting

Our hosting is secured using ConfigServer Security & Firewall (CSF), a firewall application suite designed to enhance server security using a variety of tools that protect against threats. We also have a strong password policy, encrypt our passwords, and use two-factor authentication.

2. Stateful Packet Inspection (SPI)

CSF uses stateful packet inspection to scrutinise ongoing traffic. If a packet is suspicious or isn’t part of a known, safe connection, it is denied access.

3. Login Intrusion Detection

CSF monitors system logs for any unauthorised or failed login attempts, identifying brute force attacks. 

4. IP, User and Country Blocking

Our servers can be configured to allow or deny traffic based on IP, port, country, or other criteria. These blocks can be temporary or permanent. We also proactively block traffic from specific regions associated with cyberattacks. Detailed reports can be generated to track blocked IPs, allowed IPs, and other firewall activities. We also scan log files for failed login attempts and ban the IP addresses responsible for repeated failures. 
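The log scanning described under Login Intrusion Detection and in the paragraph above can be sketched as follows. This is an added example, not SWiM's or CSF's own code: the log lines are constructed, and the threshold, time window, block duration and allowlist are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd auth-log style (documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
2024-05-01T10:00:04 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
2024-05-01T10:00:09 web1 sshd[812]: Accepted password for deploy from 198.51.100.20 port 51514 ssh2
2024-05-01T10:00:12 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40031 ssh2
2024-05-01T10:02:00 web1 sshd[815]: Failed password for deploy from 198.51.100.20 port 51600 ssh2
2024-05-01T10:30:00 web1 sshd[820]: Failed password for root from 192.0.2.44 port 33000 ssh2
2024-05-01T11:45:00 web1 sshd[830]: Failed password for root from 192.0.2.44 port 33010 ssh2
2024-05-01T12:59:00 web1 sshd[840]: Failed password for root from 192.0.2.44 port 33020 ssh2
"""

# Timestamp, host, then a failed-password event with the source IPv4 address.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port ")

def find_offenders(log_text, max_failures=3, window=timedelta(minutes=5),
                   block_for=timedelta(hours=1), allow=frozenset()):
    """Return {ip: (blocked_at, expires_at)}; expires_at is None for a permanent block."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in allow or ip in blocked:
            continue  # never ban allowlisted (e.g. management) addresses
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = (ts, ts + block_for if block_for else None)
    return blocked

if __name__ == "__main__":
    for ip, (start, end) in find_offenders(SAMPLE_LOG).items():
        print(ip, "blocked at", start, "until", end or "permanent")
```

With the default five-minute window only the rapid burst is blocked; the address that fails three times over several hours is not, which is why the window and threshold need tuning against how slowly an attacker is willing to guess.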

5. DoS Prevention

A Denial-of-Service (DoS) attack occurs when a server is flooded with suspicious connections in an attempt to limit the resources available to legitimate visitors. We limit the number of simultaneous connections to specified ports or IP addresses to prevent DoS and flood attacks.

6. Regular Reporting and Updating

We receive regular security reports from our security services, and immediate alerts if something suspicious is detected. Our servers undergo a combination of automatic and manual maintenance to patch vulnerabilities and enhance functionality.

On Your Website


1. Strong Passwords and 2FA

Passwords are one of the most vulnerable access points for a hacker. We follow protocols for password strength, reuse, compromised status, and age. We also encourage our clients to use two-factor authentication, password-less sign-in, and biometrics to further reduce the potential exposure from a password-based attack. 

2. Dashboard and Login Customisation

We customise the dashboard and login URLs for sites that SWiM manages. While this will not stop an attack, it makes it harder for hackers to know where to begin – “security by obscurity”.

3. Disallowing File Edits

We use many third-party services when building a website, and unfortunately, not all developers secure their products. This is why we prohibit file edits for all third-party components.  

4. Regular WordPress Core and Plugin Updates

Regularly updating your website prevents hackers from exploiting weaknesses in code. When a vulnerability is discovered, we patch it ASAP to prevent its abuse.  

5. SSL Implementation

An SSL certificate adds an essential layer of security: it encrypts your website’s data and provides communications security over global networks. The certificate provides data encryption and integrity, while also giving visitors confidence in the credibility of your site and protection from phishing attempts.

Please note: Security measures may vary based on each website’s unique requirements.

While no one security measure can guarantee prevention against hacking, at SWiM we are confident the combination of security practices we use significantly reduces the likelihood of your website getting hacked. If you have any questions about our security practices or would like to implement additional safeguards like Two-Factor Authentication, please contact us. We’re here to help!