Currently, there are always risks for websites, some are bigger and some are smaller, but what we focus on are you who handle customers who visit your site, it is an important responsibility up to the Web Manager to review their security on the site, because if you as a customer become a target for intrusion on your site where customer data is leaked, it can become a serious problem, especially within GDPR which was implemented on May 25, 2018.
Different methods:
There are several methods people use to intrude, the most common is to exploit security holes in the systems that are run, or that they find them, and through these security holes, they can execute different types of commands, or gain access to the database where you store administrative information, customer data, or similar.
This is a serious problem with WordPress, which is why they continuously release updates to fix these so-called security holes. The problem with WordPress users is that they use a lot of third-party add-ons to more easily manage their WordPress site, this can create gaps in the security of the site as some add-ons are not certified to be safe, and often the developers do not release updates as frequently as WordPress does.
What many third-party developers do is to develop around WordPress updates, they don't always think the extra step needed to make their website secure, and when they do find these gaps it's often too late, that's why we have launched Sitelock so you as a customer can investigate if your website is in a risk zone and what methods you can use to fix these gaps, and in extreme cases remove this add-on so your site becomes safe again.
Even those who do not run WordPress sites may now think that they are safe, but you are not, these problems are common with other Content Management Systems (CMS) such as Joomla, PrestaShop and many more, then even those of you who run simpler variants and do not run with database management, there you are in the risk zone for something called Adware/Spyware, and this is a process that is often automated by something called a bot that searches for sites and tries to implement malicious code on your site, this affects those who visit the site and you notice that you get lots of boxes with advertising that should not be there.
These advertisements store a lot of information that is then sold on various forums and providers who are specifically after this information, the most common what they store are IP addresses, what type of computer you have and much more, this can then be used to execute code on your browser which in turn affects your computer, because if you get it from a site it puts a code that hides itself and puts up the same advertisements on other sites.