A lot of us are a little sloppy about keeping our desktop and other documents organized. Sometimes things get too disorganized in other venues… like our websites, for instance. Recently a client needed to deal with their site being hacked because it was being used as a part of a “phishing” scheme to trick people into revealing their usernames and passwords for websites like their bank. Criminals sell this information to other criminals.
There are a number of organizations that monitor such activity and make the information about compromised websites widely available. When your website makes these lists it is likely to get “blacklisted”. When your website is blacklisted your company emails could get blocked. Google and other search engines could de-list you so that you disappear from search results. This is the opposite of search engine optimization (SEO).
My client learned the hard way that failed installs and old software left on their website had become a security risk and had very likely been exploited by criminal hackers. They asked me to quarterback the correction so I brought in a developer who was familiar with some aspects of the site. Even after the developers cleaned up the site it will need to be monitored because nothing is completely certain in a circumstance like this.
In addition, like the software on your computer, server software needs to be updated to the current releases to ensure that it is not easily hacked. The ISP (Internet Service Provider) in my client’s case was not updating one of their most basic server software, PHP, because they were afraid of breaking the functionality of some of the sites that they host. I disagree with that kind of reasoning. It’s better to require necessary changes to functionality programming than to jeopardize the security of all the hosted sites.