* Outdated web application (Joomla, WordPress, PhpBB…) : Every popular web application has had security problems and that’s why you have to use always the latest version.
* Outdated web application extension (themes, plugins, modules, etc.) : If you have installed any third party extensions, you have to keep them up-to-date just as you keep your main web application. Very often users neglect this fact and outdated extensions become easily exploited by intruders.
* Weak user / administrator passwords : You must ensure that all users have strong passwords, especially the admin and the ones who can create content to your site.
* Virus or the malicious software on the local computer : some computer viruses/worms are known to steal FTP logins and after that add malicious code to web files. For this reason make sure to have an updated antivirus software and scan your computer for viruses regularly.