Have you experienced your Next.js getting hacked?
Has anyone experienced their Next.js website getting hacked?
I'm curious because my own website has never been hacked, while my clients' WordPress-based websites on the same server often get hacked, mostly for "spam advertising" purposes. I think this might be due to malware on the server or session hijacking.
If you have any experience with hacks on a Next.js website, what kind of attacks did you encounter? I never thought about this possibility.
2 Replies
Getting "hacked" in the traditional sense is basically non-existent in non-self-hosted sites. Often WordPress users are non-technical and malware can easily be disguised in plugins and themes. This is also an issue for npm libraries but much less prevalent. You can definitely get hacked though for self-hosted solutions of WordPress and Next.js, but that's regardless of the framework.
In my experience with Next.js productions on sites, I haven't seen any vulnerabilities that would let any attackers exploit my application. The only attempts I see are attackers trying to object reference attack, often doing queries like /wp-admin or /cgi, but Next.js doesn't really have a vulnerable routing system like that. The only way for backdoors to happen is if you installed a malicious npm package, which is quite rare nowadays.