Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down.

Use a prompt and not an inline password field if you're not completely sure and don't defer its execution (that is, it shouldn't live to a point where events have access to it but only in sync code).