We’ve all heard about websites being hacked. It’s a problem that’s existed since the early days of the internet and one that won’t be going away any time soon. But the sheer size of the problem is incredibly hard to comprehend.
On April 11 2013, online security and website monitoring experts Sucurirecorded more than 1 million website hacking attempts in a 24 hour period. That in itself sounds like a massive number, but when you realise that this figure was recorded only on their customers sites that they monitor and is not even a worldwide statistic, then you truly start to appreciate the size of the problem.
Whilst not all website hacking attempts are successful, it’s still a numbers game. And with that many attempts per day, even if a minute percentage is successful then a lot of sites are being compromised. In February of this year the NBC, one of the big three television networks in the USA, was a victim of hackers.
NBC’s website was ‘owned’ and used as a go-between in a campaign to infect online visitors automatically, costing NBC tens of thousands of dollars to rectify. But it’s not just the big corporates that are attacked. Often it’s small business websites that are hit as they are often the ones that are seen as a soft target.
Whether you’re a business owner or web designer, the thought of having a website crippled or wiped out entirely by a nefarious hacker is a very scary thought. It’s one that most people tend to not think about, rather than confront the reality that, statistically, sooner or later it will happen.
What happens when a website is hacked?
This varies a lot depending on the intention of the hacker. They may install ‘malware’ – computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, rootkits, or other malicious and unwanted software. Once added to your website it may be used to display dubious content, attack visitors to your site, send spam emails, steal login credentials or other rogue actions.
Search engines will probably pick up on the presence of ‘foreign material’ on your site and warn searchers that the site should be avoided, damaging your reputation. They may also penalise your site and drop you down the search results.
In many cases the hackers are extra sneaky, inserting hidden links to other dubious websites. You may not even see anything wrong. Hackers may access your site’s data, gathering personal information about customers or registered users. They may also just trash your site or delete it in its entirety.
Four steps to combat website hacking:
- Keep the WordPress platform and plugins up to date
- Use secure passwords
- Install additional web security measures (such as a firewall) to protect your site against attacks
- Have a regular (preferably automated) backup procedure that provides rapid restoration of a corrupted site
We will discuss these four points in more detail in an upcoming blog post. In the meantime, here’s an interesting infographic….
By Aaron Enright