Every week Google blacklists over 70,000 websites because they’ve been hacked and the hackers are using the website to send out malware, or they’re using the site to send out phishing attacks! Yup, over 70,000 every week!
Is your site one of the hundreds or thousands that have been hacked and are part of a hackers playground that they are using to send out malicious attacks? Before you answer “no, not my site”, ask yourself how you would know if it was!
Reports suggest that most website owners are completely unaware that their sites have been infiltrated.
How Hacks Happen
Because WordPress is the biggest platform for websites, we’re going to look at this issue of security through the lens of a WP website.
There are basically 4 ways that a hack can happen:
- Your hosting platform is vulnerable
- There is a security issue in the theme of your site
- There is a security issue with a plugin used in your site
- You’re using a weak username/password strategy for your site’s users
A vast majority of websites are hosted in a “shared environment”. A shared environment means that there are more websites, on a server, than just your’s. In these environments, there can be hundreds or even thousands of sites on just one server.
In this situation, you’re only going to be as secure as the weakest link. This means that a hacker may not get to your site directly. They may end up inside of your site as a result of hacking the hosting company. Or, more than likely, they will end up inside of your website as a result of hacking another website that is on the same server that your site is on. Once they are in the server environment, they most likely will try to gain access to the other sites on that same machine.
Security Issues In Themes & Plugins
These two issues can be lumped together because the cause of the problems is the same. Either poorly written code that is used to develop either the theme or the plugin. Or, the theme and the plugin haven’t been kept up-to-date.
To avoid the security problems that can happen with plugins and themes:
- Make sure that the source that you are using to get the theme and/or plugins are reputable. The chances are that if the themes and plugins that you are using are free, the developer isn’t putting much time into the security of the code. This means that you could be vulnerable.
- Make sure that you keep your plugins and themes up-to-date. Every time a developer updates their theme or plugin, there is a really good chance that they are creating that update to fix a security flaw.
Weak Username/Password Strategy
According to Keeper Security, makers of Keeper password manager, the 10 most common passwords in 2016 were:
Come On! No wonder people are getting hacked! Let’s at least make the hackers work to get inside the site.
Don’t Kid Yourself
One of the biggest reasons that a site gets hacked is because nobody thinks that their site will get hacked!
Most of the site’s on the web don’t store credit card information or sensitive data so, consequently, these website owners feel that they won’t be a target of a hack because there isn’t anything that they think is valuable on their site.
But, as I stated earlier, your site may not have anything valuable, but just by being connected to the Internet, your site becomes very valuable in spam and phishing attacks.
Or, consider this. Do you have people signing up for a newsletter, on your site? When they enter their name and email address, are you storing that information within a database on your site? Yup, that could be valuable information to a hacker
Consiquences Of Being Hacked
What about your business? If your site is identified as sending out spam, do you know what to do? Do you know what will happen?
If your hosting company discovers the hack first, your site will be taken offline by your hosting company. And, that’s just the first step. Once your site is taken offline the real work will begin:
- Repair and Cleanup: The damage that was done by the hacker is going to have to be fixed. Chances are really high that they will have installed, at the least, some files in your site, or at the most, they will have altered the core structure of your site. All of this has to get repaired, or if it’s too bad, your site may have to be rebuilt.
- Decreases In Traffic: If Google discovers the hack before your hosting company, you will most likely see dramatically decreased traffic counts. This will primarily be due to your site decreasing rank on search engines. That’s right, there is evidence to suggest that Google will decrease your site’s ranking if it gets hacked. And, according to a recent survey, 45% of website owners that reported being hacked said they never got their old traffic levels back after fixing the hack.
- Trust: One of the most important elements of online marketing is having the user trust your site. Having a site that has been hacked, especially if you’re selling products on your site, is going to create a really big hurdle to get over when it comes to trust!.
Your website’s security is more important than the attention that many businesses give it. If your site gets hacked, there could be a lot of harm done to your business for a very long time. It’s always best to be proactive and get your site’s security on your radar. Put together a process for reviewing your site’s security on a regular basis, and with some luck and a new focus you’ll be able to eliminate this from worry.
If you’re curious about whether or not Google has identified your site as having malicious code in it, here is a link to their scanner. All you have to do is enter the URL for your website, and you’ll receive a report as to whether or not Google has found malicious code on your site.