Yes, they could be! How would you know?! Finding out your website has been hacked is no fun. Even worse is not finding out it has been hacked – until it’s too late.
If your business website is an effective one, then it’s a very important tool for the wellbeing of your business. If something should happen to that website – for example, someone makes it inaccessible to your customers or compromises its integrity – then your business could suffer serious, even irreparable harm.
Once a hacker gets into your website, the damage they do might even be invisible to everyone, including yourself. In some cases, only a specialist will be able to discern that some malicious so-and-so has been mucking about in your website.
Think of a hacker as a burglar of websites. We all know that no property is burgle-proof against a truly determined burglar. The same holds true for websites and hackers.
If a hacker really wants to get into your website, they will.
So the best course of action is to accept the likelihood of a breach and take steps to minimise the risk of it happening in the first place as well as limit the fall-out to your business if (or when) it does happen.
What steps can you take to prevent a hacker from accessing your website?
Any system, irrespective of whether it is state of the art, bespoke or open source, will be insecure if it is not maintained properly. All websites, regardless of the technology used to build them, are targets for hackers, and they all have the potential to be vulnerable – even the websites of big names, such as Google, AOL, Facebook and Sony, have had to endure the red face of being hacked.
Hackers often target open-source content management systems (CMS) – WordPress is one such CMS. This doesn’t mean WordPress or similar CMSs are unreliable; it simply reflects the sheer number of websites built using these systems. And because they are open source and easier to work with, lots of non-specialised people use them to build their websites, then don’t have the expertise to make them secure enough.
All scary stuff, that’s for sure. But that doesn’t mean you need to run and hide.
How can you reduce the risk of being hacked?
The first place to start is to get inside the mind of the hacker – look at why they do it.
That can give clues as to how they will go about their dastardly deeds, which, in turn, will provide hints for what you can do to deal with them.
So what’s in it for the hacker?
- Many do it simply for the fun of it – like taggers defacing someone else’s property – pure and simple vandalism.
- Straightforward theft. They steal your intellectual property – either your software’s source code or your entire site structure, which they use elsewhere. Saves them the time and money to develop their own.
- Money (it always comes back to that sooner or later doesn’t it!?). They steal information, such as your customer passwords or credit card information. Or they become pirates, taking over your site and not giving you back control until you pay them.
- They hijack your website and use it as a vehicle to advertise their own products or to direct your customers to other sites.
- They hide behind your website, like Romulans out of Star Trek, using your site as their ‘cloaking device’ for bad activities, such as hiding malicious software for your unsuspecting customers to download to their own systems. This way, their bad deeds are traced back to you, not them!
OK, so that’s how they get their kicks then. Now, how do they do what they do?
Here are just three (there are lots more!) of the ways they can sow their seeds of destruction:
- Passwords. If your password practices are shoddy, you’re pretty much giving them the keys to your kingdom. Easy-to-guess user names and passwords are examples of shoddy practices. The hacker will simply attack your site with thousands of password combinations using a dictionary list of everyday words until they get it right.
- Software security. All software has flaws – that’s why developers constantly churn out patches to update the security of their software. Hackers also know which software has flaws and where to find them, and they work quickly. If you don’t keep up with your software provider’s latest updates, you are leaving the backdoor to your business open for any techno-crook to wander in.
- Distributed Denial of Service (DDoS) attack. This sort of attack often makes the headlines and involves bombarding a web server with thousands or millions of requests in a short time until the server is overwhelmed and shuts down. This sort of attack can shut down a website for days and seriously compromise customer trust.
Once you have unmasked the intruder in your website, it’s not simply a matter of evicting them or removing any bad stuff they might have put there. Remember, they’re burglars, and we all know of the bandits who burgled a home, then simply waited for the homeowners to buy all new stuff with the insurance money before paying them another visit to steal the whole lot again. So you have to make sure to close the gap they took advantage of in the first place.
Some basic hack protection suggestions.
- Passwords. Make sure you use secure passwords – don’t use real words – use a combination of letters and numbers instead.
- Backup. Make regular backups of your website so you have something from which to recover. Otherwise, you may have to rebuild your website from scratch. It’s much quicker and cheaper to restore from a backup than to rebuild.
- Update. Make sure to keep all your software up to date. If your website is hosted, then the hosting company (if it’s a good one) should be keeping the server software up to date. But you must keep any software, such as your content management system (CMS), on your website up to date. WordPress and many other CMSs will tell you when you log in if there are system updates available. Pay attention to these notifications and act on them immediately!
- Monitor. Keep an eye out for any odd activity on your site – for example, repeated incorrect login attempts from the same IP address or from different IP addresses from the same country.
- Security. Make security a core requirement of your website build. If your developer doesn’t know how to make your system ‘hard’ against the more common attacks, get help from a more experienced developer.
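To make the "Monitor" suggestion concrete, here is an added example (not part of the original article) that scans web server access-log lines for repeated failed WordPress logins, grouped by IP address or by country. It assumes a failed login to `/wp-login.php` answers with status 200 and a successful one redirects with 302; the sample log lines and the `SAMPLE_COUNTRIES` lookup are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
_POST = '"POST /wp-login.php HTTP/1.1"'
SAMPLE_LOG = "\n".join(
    # one address failing six times in 30 seconds
    [f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] {_POST} 200 4312' for s in range(0, 30, 5)]
    # five different addresses, one failure each, within five seconds
    + [f'198.51.100.{h} - - [12/Mar/2024:10:02:{h:02d} +0000] {_POST} 200 4312' for h in range(1, 6)]
    # an ordinary user: one mistyped password, then a successful login
    + [f'192.0.2.10 - - [12/Mar/2024:10:05:00 +0000] {_POST} 200 4312',
       f'192.0.2.10 - - [12/Mar/2024:10:05:09 +0000] {_POST} 302 0',
       '192.0.2.10 - - [12/Mar/2024:10:05:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120'])
# Hypothetical IP-to-country lookup; a real deployment would query a GeoIP database.
SAMPLE_COUNTRIES = {f"198.51.100.{h}": "XX" for h in range(1, 6)}

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(log_text):
    """Yield (ip, timestamp) for every failed WordPress login attempt."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Assumption: a failed login re-renders the form (200), success redirects (302).
        if (m["method"] == "POST" and m["path"].split("?")[0] == "/wp-login.php"
                and m["status"] == "200"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def suspicious_sources(log_text, threshold=5, window=timedelta(minutes=10), country_of=None):
    """Return IPs (or countries, where known) with >= threshold failures inside the window."""
    by_key = defaultdict(list)
    for ip, ts in failed_logins(log_text):
        by_key[(country_of or {}).get(ip, ip)].append(ts)
    flagged = []
    for key, stamps in by_key.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged.append(key)
                break
    return sorted(flagged)
```

Grouping by address alone misses the five one-off failures from `198.51.100.x`; passing the country lookup surfaces them as a single source.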
If the unthinkable should happen, and your website is hacked, your business could be at risk of losing its online marketing ability. Net Branding has a range of WordPress services available to help keep your website safe. Call Net Branding today to discuss our monthly WordPress Security Service ‘insurance’.