Troubling: Many Big Hosting Companies Have Hacked Websites

Troubling: Many Big Hosting Companies Have Hacked Websites
  • 7 min read

Got malware or a hacked website? It’s growing, and with alarming frequency. It’s suggested that there are more than 1 billion malware programs in circulation, and more than 500,000 new pieces of malware are detected every day. The good news is that attacks seem to be decreasing. According to Statista, there were 5 billion malware attacks in 2021, which is down from the 10 billion seen in 2018. 

You can easily get infected, or infect others with malware. 

  • Opening an infected email attachment or clicking on a malicious link.
  • Downloading infected software or files.
  • Visiting a compromised or malicious website.
  • Using infected USB drives or other removable media.
  • Installing infected apps or games on your phone or tablet.

More alarming are websites migrated to Rocket from big hosting companies that are already hacked or contain malware. Often our new customers don’t even know their sites were hacked. Their hosts have never notified them about any problems, some have had security issues for years.

Keep your WordPress protected from malware

Have an existing site you’re moving over that’s been previously infected? You probably didn’t even know. Our platform will automatically clean your site of any malware and/or malicious code upon migrating for free.

But first, let’s talk about malware – yes, again.

What are the Different Types of Malware?

Malware is short for malicious software. It’s any software designed to harm or exploit your or the computer systems of your clients. Large or small, malware can take many forms, including viruses, worms, Trojan horses, ransomware, and spyware. 

What are the different types of malware? Malware differs according to the way it’s programmed, its purpose and its effect. The most common types of malware include:

Viruses: Computer viruses are programmed to infect a system and then spread on it independently by making copies of themselves. In doing so, they can specifically disrupt functions, destroy data, damage hardware and spy on the user. You’ve probably encountered one of these in your own system.

Worms: Computer worms are similar to computer viruses. They duplicate themselves just as actively and can damage the system. They can also give third parties unnoticed control over the computer (backdoor function). Networks and removable media serve as gateways. 

Ransomware: This malware locks the user out of their own computer by blocking access to the operating system or blocking important files. In order to remove the locks, the program demands a ransom payment.

Spyware: Spyware (spy software) reads user data unnoticed, records user behavior and forwards this data to third parties. The aim is usually to evaluate the data for commercial purposes – for example, to display individualized advertisements.

Trojan horse: Like the eponymous wooden horse from the ancient myth, these programs pretend to be harmless or even useful. Instead, they infiltrate the system with hidden functions that unnoticed monitor data traffic, copy and send files, execute and modify programs or install other malware. The “Trojans” can even be controlled remotely via a backdoor function. Infected computers are usually misused for cybercriminal purposes.

Probably the worst of these is Ransomware. YUM! Brands, IKEA, Continental – even the City of Antwerp have been victims of Ransomware attacks in the last year. They come in the most imaginative of names, too — like the B Team of some Marvel comic. Bitpaymer, Dharma, Netwalker, and WannCry are just some of those viruses you may have heard of.

“Every day, over 200,000 new ransomware strains are detected, meaning that every minute brings us 140 new ransomware strains capable of evading detection and inflicting irreparable damage.”

Heimdal Security

Hacked Website? I Thought WordPress Was Secure 

Yes, WordPress is secure – if you follow best practices. Any software has vulnerabilities and this is why managed hosting – that updates WordPress Core and plugins regularly – is so vital to the security of your site. 

WordPress websites are relatively easy to build, but they come with security issues if you don’t place proper controls on your data. Typically, WordPress users add security plugins. They will notify you when unauthorized access occurs. However, there are certain drawbacks to using security plugins.

The PHP malware is notorious and a boon to the attacker because it strikes at the source, which means, instead of undoing the security measures, it disables the security plugins themselves. As a result, when an attacker tries to steal your WordPress website data, the security plugins can no longer send you notifications about something going wrong. (that’s us) provides fully integrated and ready to use CDN/WAF, powered by CloudFlare Enterprise is pre-configured and ready to use, meaning without much knowledge you can deploy a scalable WordPress installation to 200+ pops, enjoy full page caching and be protected by an enterprise WAF, without the need for a single plugin.

Every WordPress install on our Platform receives not one, but two firewalls. The first one lives out at the Edge and is powered by Cloudflare Enterprise. Every request to your WordPress site is scanned by this Firewall first, then if deemed safe, sent to our servers.The second is powered by Imunify360 and lives on all servers. This provides additional protection from brute force attacks, 0-day exploits, and much more.

How can I Protect Myself from Malware?

An up-to-date and proven antivirus program offers the best protection against malware. Today, it’s part of the basic equipment of every computer. If none is available, you should install one of the proven protection programs as soon as possible. 

Beyond that, prevention is the only way to arm yourself with sensible security practices and a good website manager. This means careful, smart use of computers, software and the Internet. The best way to protect yourself from malware is to take a few precautions to reduce the risk of a malicious program settling on your computer or landing on your website. 

Here are some basic rules:

  • Always keep your operating system and the programs installed on it up to date.
  • Activate the firewall – this protects against unauthorized network access.
  • Install only programs that come from trusted sources and that you really need.
  • Back up important data regularly on external data media.
  • Always keep the automatic update function of your antivirus program active so that it always receives the latest virus definitions. If these are outdated, the program cannot identify current viruses.
  • You get what you pay for — don’t try and save money on the security of your websites.

“A software backdoor is a way for an attacker to create a secret and persistent entry into a system. In the case of WordPress, the malware will create a backdoor by registering a new, legitimate-sounding WordPress user account with administrator privileges.”

How can I Protect my WordPress Websites from Malware?

Here we come to the real question. How can you increase your WordPress security? Rocket goes the extra mile to take care of our customers. We’re not now, nor will we ever be, commodity hosting. Websites are simply too important to us. You get what you pay for, and that includes security. We’re seeing more and more websites that come to us, already infected with malware. That shouldn’t happen – especially from big names in the hosting space.

Case in Point

We had a recent case where a customer had four badly hacked sites and really needed help. We didn’t turn them away. Despite taking a few hours to secure their sites, we went in and fixed everything for them and they were delighted.

Managed hosting means just that. From our free migrations to automated updates, from speed to security, managed hosting means that someone is really managing your website and don’t need to worry about a hacked website again.

Malware Protection Solution: Your Own WordPress Maintenance

Keep your WordPress themes and plugins updated. Remove any unused themes and inactive plugins too. Did you know? Rocket offers automatic updates.

Don’t use nulled themes or plugins either. In fact, they aren’t allowed on Rocket. We found many instances where customers had nulled versions of their themes and plugins, often paying developers to build their sites and didn’t know they weren’t licensed versions. We spend the time to notify them of the security issues instead of turning a blind eye.

Be security conscious when it comes to adding your admin profiles and setting passwords. Security always comes down to the weakest link. Delete admin profiles when they are no longer needed. Use unique passwords, add a two-factor authentication for your Admin login too. Did you know? Rocket offers activity logging for free as well.

Malware Protection Solution: No More Hacked Websites

Is your web host secure? Performance and security are probably the two most important words when you think about your website. Security isn’t something you want to save money on. Despite many malicious attacks on users, our enterprise level security systems manage to successfully eliminate all threats, keeping our users safe and worry-free.

Malware Protection Solution: The Best WordPress Security Plugins

Here are the five best WordPress security plugins out there if you’re not hosting on Remember you don’t need any of these if you are a Rocket customer.

  • iThemes Security: iThemes security is a feature-packed WordPress security plugin that is available in both free and paid versions for WordPress sites. The paid version provides access to a lot of great security features like strong password protection, securing your databases, protection against brute force attacks, and providing two-factor authentication, among others. You also get dedicated support and website monitoring.
  • Wordfence Security: WordFence Security boasts of an extensive database of criminal IP addresses, and it’s excellent at protecting your site from brute force attacks and real-time security monitoring. You get firewall protection, login page protection, and IP blacklisting, among others.The free version is excellent, but the paid version offers dedicated support, two-factor authentication, spam protection, and geographic protection.
  • Sucuri Security: Once installed, this plugin will automatically scan your site looking for any infected files or any known sources of security weakness. It then helps you restore or repair your site to keep it secure. It also offers malware scanning, strengthens existing security protocols, and provides regular website monitoring. 
  • All In One WP Security & Firewall: This tool is free and while not exactly beginner-friendly but it offers a lot of features like user account monitoring, site firewalls, IP protection, malware scans, and a lot more

Malware Protection Solution For Agencies: The Platform

When you have dozens or even hundreds of sites to manage, provides a powerful managed hosting solution for agencies without relying on other security plugins to protect your client websites. When you order a WordPress instance from us, no matter what tier, it will come with 24/7/365 security including comprehensive malware scanning. 

Comparing vs WP Engine

When it comes to comparing and WP Engine, you’ll find to not only be faster and more secure, but backed by a customer service team where you’re much more than just a number no matter how much you spend with us.

Real-time Malware Scanning: YES / WP Engine No

Comparing vs Kinsta

A finely-tuned CDN powered by Cloudflare Enterprise, no stingy PHP worker limitations, no hidden upsells, and an unwavering commitment to customer support are all reasons why you need to switch from Kinsta to

Real-time Malware Scanning: YES / Kinsta No

Migrate to Today with Confidence

We take security seriously at – for existing and new customers – unlike many “managed WordPress” hosts. Let the experts handle all of this for you on our end, so you don’t have to worry about anything other than focusing on building your business.

New call-to-action