#website #websitesecurity #WordPressSecurity
Is My Website Secure?
A study made in 2003 stated that there is an attack every 39 seconds on average on the website. That was 20 years ago. Since then hackers have gotten smarter and more plentiful.
A 2019 report found that security breaches increased by 67% between 2014 and 2019.
On average 30,000 new websites are hacked every day.*
(Source: Forbes)
The average time to identify a breach in 2020 was 228 days. The average time to contain a breach was 80 days. (Source: IBM)*
Why should I care?
Why should I care if my website is not secure? After all, I don’t have any sensitive information, all my website contains is information about my business, some images and some contact information. Why would someone want to hack my site, there is nothing for them to steal, no information to exploit.
Phishing
The FBI states that phishing is the top internet crime that people reported.
In 2020, the FBI IC3 received 241,342 phishing complaints.
One aspect of phishing occurs when a hacker, masquerading as a known contact or organization, dupes a user into clicking a link in their email that takes them to a malicious website designed to steal the user’s information.
This information could be login credentials, contact information or even social security numbers. These emails often come in the form of notifying the user of a problem with their account, asking them to log into their account to correct the issue. The email contains a link to the website the account is for, this could be a bank account, an online shopping account or a social media account.
What does this have to do with your website? The hacker who sent out that email has also hacked into your website, gaining access to the server your account is hosted on, thus allowing them to upload whatever files they wish.
They will then upload a website that looks like a bank’s website login page, or Amazon’s login page, or even Facebook or Twitter. Their hope is that the user won’t inspect it too closely and will just go ahead and login. Once they enter their username and password and click the submit button the hacker now has their information and full access to their account.
Security companies like Norton, McAffee, MalwareBytes, Chrome, or your hosting provider can blacklist your site, marking it as unsecured and malicious. This not only takes your site down but also puts a big hit on your reputation.
Imagine a new customer going to your website only to see that it contains malicious content. What are the chances you think that they will return?
SEO Spam
Another reason hackers might choose to target your website is due to the search engine ranking. You may have worked hard to improve your rankings in search engines, moving your website up in the listings. Hackers will take advantage of the traffic this generates by injecting hidden phrases in your content with links to their website, therefore increasing their SEO ranking, or going as far as to insert code that will redirect the user’s browser to their website, costing you business and increasing their traffic.
This not only can confuse your customers but can affect your rankings, putting you lower and lower in the search engine results. It can even get you blacklisted from the same companies mentioned above.
Malware/Ransomware
A lot of hackers can infect your website with Malware once they have access to the core files. Through sophisticated programming they can cause your website to automatically download software to a visitor’s computer, or capture the keystrokes of every visitor, or provide the hacker access to the entire server, allowing them to hack other websites that are hosted on the same server.
This can also get you blacklisted as mentioned above. Not to mention the time, effort and money it will take to get your website cleaned up, functioning correctly and removed from all the companies blacklists.
Ransomware attacks have increased by 800% during the pandemic.*
What Can I Do To Prevent Hacking?
Let’s face it. You got a website for your business to help it grow, not to cause you stress and frustration. There are a few things that you can do to help keep your website secure, one of which it to make sure you use secure passwords, and another is to make sure not to share those passwords with anyone.
Other steps are to make sure you use trusted plugins for your WordPress site. There are millions of plugins available to help your website do whatever it is you want it to do. Some are valid, trusted, and secure plugins, while others are may not be.
While WordPress does its best to keep intentionally malicious code off their site for downloading plugins, some plugins aren’t intentionally malicious, they are just poorly programmed and come rife with security holes, providing access to those who know how to exploit them.
But if you are like most business owners you don’t have the time or energy to devote to keeping up to date with all the latest security threats and procedures to prevent them.
Do you think website security is important?
Resources:
https://financesonline.com/hacking-statistics/
https://financesonline.com/hacking-statistics/
Podcast: Play in new window | Download
Managed hosting especially for WordPress is extremely important. If you invest time and money into building a website then also take the time and spend the money to protect it.