A backdoor lets an attacker gain access to your environment via what you would consider to be abnormal methods — FTP, SFTP, WP-ADMIN, etc. They are often attributed to cross-site contamination incidents — i.e. when websites infect other websites on the same server. The attack often happens because of out-of-date software or security holes in code.