Many small or medium sized businesses think their website is too small to be hacked. Unfortunately, many find out that this isn’t the case. According to Sucuri, “In our analyses, we have found that it takes about 30 – 45 days for a new website, with no content or audience, to be identified and added to a bot crawler. Once added, the attacks commence immediately without any real rhyme or reason. It can be any type of website, the only commonality is that it is connected to the web.” 1 The bots look for any vulnerability on the site and then attempt to exploit that vulnerability to gain access to the site.
What are hackers gaining?
There are several reasons hackers attack sites. They may do it for financial gain. The hack may involve uploading malware on your site that is downloaded by a visitor. The downloaded file may install software on the visitor’s computer that can allow the hacker access to sensitive information such as banking logins. There is the potential for financial gain when this type of hack is initiated.
They may also institute a Black Hat SEO hack that redirects the visitors to a different site. A potential visitor will search for a site using Google or another search engine and think they are going to a site but when they click on the link in Google, they are redirected to another site. The redirected site will try to sell the visitor something or will tell them their computer is infected with malware and they need to purchase software to remove it. The computer isn’t infected but the scare tactics could convince the visitor to purchase the software. Once again, hackers profit.
Another reason is to gain access to the mail servers or resources on your hosting account. They either sell the resources or using them for their own gain. If they are using the hosting account mail servers, they can send spam emails without being detected.
Regardless of the reason hackers hack, website owners need to do everything they can to protect their site and the visitors to their site.
What should you do to protect your site?
- Keep the site software up to date-update the Content Management System and any software(plugins/modules) for the site.
- Passwords – use strong passwords and use different passwords for your accounts
- Use two-factor authentication for logins. There are many different plugins that will allow you to have this type of login for the website administrators.
- Change passwords to the hosting account, FTP accounts and Admin accounts frequently.
- Monitor and scan your site regularly.
- Install security plugins.
- Don’t log into the backend of your site or hosting account when on a public network (unsecured).
Following these guidelines, along with using a reputable host which has security protection built into their hosting plans, will help prevent your site from being hacked. This doesn’t guarantee that it won’t happen, which is why you need to monitor your site and backup regularly. It is very important to have a backup of your site so you can quickly recover from a hack. Most hosts will take backups of the hosting account but it is critical that you have your own backup. Hacks will happen, so you want to be prepared and have the tools to recover quickly.
- Why Websites Get Hacked, https://blog.sucuri.net/2015/02/why-websites-get-hacked.html