Estimated reading time: 3 minutes, 43 seconds
Every week Google blacklists over 70,000 websites because they’ve been hacked and the hackers are using the website to send out malware, or they’re using the site to send out phishing attacks! Yup, over 70,000 every week!
Is your site one of the hundreds or thousands that have been hacked and are part of a hackers playground that they are using to send out malicious attacks? Before you answer “no, not my site”, ask yourself how you would know if it was!
Reports suggest that most website owners are completely unaware that their sites have been infiltrated.
Because WordPress is the biggest platform for websites, we’re going to look at this issue of security through the lens of a WP website.
There are basically 4 ways that a hack can happen:
A vast majority of websites are hosted in a “shared environment”. A shared environment means that there are more websites, on a server, than just your’s. In these environments, there can be hundreds or even thousands of sites on just one server.
In this situation, you’re only going to be as secure as the weakest link. This means that a hacker may not get to your site directly. They may end up inside of your site as a result of hacking the hosting company. Or, more than likely, they will end up inside of your website as a result of hacking another website that is on the same server that your site is on. Once they are in the server environment, they most likely will try to gain access to the other sites on that same machine.
Security Issues In Themes & Plugins
These two issues can be lumped together because the cause of the problems is the same. Either poorly written code that is used to develop either the theme or the plugin. Or, the theme and the plugin haven’t been kept up-to-date.
To avoid the security problems that can happen with plugins and themes:
Weak Username/Password Strategy
According to Keeper Security, makers of Keeper password manager, the 10 most common passwords in 2016 were:
Come On! No wonder people are getting hacked! Let’s at least make the hackers work to get inside the site.
One of the biggest reasons that a site gets hacked is because nobody thinks that their site will get hacked!
Most of the site’s on the web don’t store credit card information or sensitive data so, consequently, these website owners feel that they won’t be a target of a hack because there isn’t anything that they think is valuable on their site.
But, as I stated earlier, your site may not have anything valuable, but just by being connected to the Internet, your site becomes very valuable in spam and phishing attacks.
Or, consider this. Do you have people signing up for a newsletter, on your site? When they enter their name and email address, are you storing that information within a database on your site? Yup, that could be valuable information to a hacker
What about your business? If your site is identified as sending out spam, do you know what to do? Do you know what will happen?
If your hosting company discovers the hack first, your site will be taken offline by your hosting company. And, that’s just the first step. Once your site is taken offline the real work will begin:
Your website’s security is more important than the attention that many businesses give it. If your site gets hacked, there could be a lot of harm done to your business for a very long time. It’s always best to be proactive and get your site’s security on your radar. Put together a process for reviewing your site’s security on a regular basis, and with some luck and a new focus you’ll be able to eliminate this from worry.
If you’re curious about whether or not Google has identified your site as having malicious code in it, here is a link to their scanner. All you have to do is enter the URL for your website, and you’ll receive a report as to whether or not Google has found malicious code on your site.