How critical is your website to your business? Would your business suffer if your website was taken down? What about if your website content was replaced with something else? What if your customers started receiving spam emails from you?
These are all realistic scenarios that could result from your website being hacked.
As a small business owner, you might be wondering why your website would get hacked? You probably think there is nothing of value on your site. Or. Your business is small enough that it will go unnoticed by hackers.
You might be feeling safe because it won’t happen to you….
Well. You would be wrong.
First, let me start by explaining;
Why websites get hacked
There are many reasons why websites get hacked. You have probably heard of databases being stolen to access personal details, or websites being defaced or replaced with unpleasant content. Apart from these most known reasons, there are also much lesser known reasons. I will try to list them here, although this list isn’t complete, I want to show you that there are many reasons your website is a good target for hackers.
- To use your email server as a relay for spam.
- Set up a temporary web server to serve illegal content.
- Use your server as part of a botnet to run malicious code.
- To mine for bitcoins.
- To install ransomware.
- To carry out Black Hat SEO and influence search engine results.
- Employ ‘drive-by-downloads’, a practice that infects your visitors’ computers.
How websites get hacked
Attacks fit into two categories: targeted attacks, and automated attacks.
Targeted attacks are carried out against high profile targets. The hacker works tirelessly, often needing a lot of skill to access files and databases that can then be sold for large sums of money. The reward for the hacker from one attack is great and the cash often funds extremist groups and other gangs.
For the majority of websites, the attacks are completely automated. Automated tools and scripts are used to work through long lists of websites, looking for vulnerabilities that can be exploited. This approach significantly increases the chance of success by increasing the number of sites that can be attacked with very little effort for the hacker.
If you are a victim of hacking, it is most likely to be from an automated script (also called bot). The good thing is once the scripts have been identified, security software providers then take steps to fix the vulnerability, stopping the script from hacking into your site.
There is a lot of easily obtainable information about your website and the software it has on it. Just go to builtwith.com and enter your website, you will see for yourself what information is available for the whole world to see.
From this information, automatic scripts can identify any vulnerabilities that may exist in the website code and then deploy a further script to take advantage of your vulnerability.
This post here >> https://threatpost.com/1-5m-unpatched-wordpress-sites-hacked-following-vulnerability-disclosure/123691/ describes how a vulnerability in WordPress 4.7.1 was responsible for 1.5 million websites being defaced. There is a script looking at the WordPress versions, looking for version 4.7.1, knowing that it has a vulnerability. The script can then hack into the site and cause mayhem.
It is that easy.
Scripts also exist to break into a site by guessing the password using brute force. Once the attacker gains access this way they can change your password and lock you out. Making recovery a very complicated process.
How does hacking affect your ability to generate leads and make sales on your website?
If a new visitor sees your site has been hacked, this will affect their trust in your business and are less likely to return to try again.
Even if your most loyal customer keeps visiting your site, they probably won’t be able to make a purchase because your site is down, defaced or lacking in functionality somehow.
What can you do to safe guard against hacking?
Thankfully, it’s not rocket science to protect yourself against hackers. Here are my top 10 tips for how to protect yourself against hacking.
- Always keep your website software up to date. Updates are released containing the latest security patches to protect you against hacking. Make sure you ALWAYS update to the latest versions.
- Never leave any software plugin in a debug mode. This mode will print errors to the screen and give hackers extra information about your website.
- Use complex passwords. However annoying they may be, making your password something hard to guess will make the hackers life harder!
- Think twice before you allow people to upload files to your website. They can upload potentially harmful files. If it is an absolute necessity to have your visitors upload their files then speak to your website hosting provider who can help you secure your site further.
- Use https for your website. Not only does this help your search engine position but it also safeguards against hackers accessing any information being sent between your server and a visitors browser.
- Install security applications if one exists for your website platform. I use Wordfence on my website and it tells you how many attacks it stops.
- Hide admin pages so they can’t be found in search engines. You could even rename them to stop automated bots from accessing them. WordPress has this plugin to help you hide your admin page. https://wordpress.org/plugins/wps-hide-login/
- Periodically check your website for vulnerabilities. There are a few free tools that can help you identify security problems.
- Always back up your website. One day you will be glad you did.
I'm not a cyber security expert but I receive a few emails each month telling me my email account has been hacked so I wanted to offer you the same advice that I give to my clients. The big question is have you really been hacked? Should you believe the emails or...
I decided to write 'A guide to WordPress security for technophobes' because I see the insides of many WordPress websites every day. Mostly from tiny business being run by one or two people. Two things are evident. Security is not a priority and even if it was , they...
Ever since Google announced that an SSL certificate will help you rank better on Google, businesses have gradually been changing their websites over from the non-secure format of http://www….. to the more secure format of https://www…. It can be quite a lot of work,...