Your website is one of your most important business assets. With today’s internet-driven culture, a majority of your current and future customers use your website to learn more about your company and the solutions you provide. While many business owners have come to realize the importance of having a web presence, many have neglected website security. In fact, according to a 2012 Sophos Security Threat Report, on average 30,000 websites are hacked every day. What’s worse is that many site owners have no idea that malware or spam was added to their site. Having a compromised website impacts your users, your business, and your marketing efforts.
In 2016 “hacking” took center stage. From the DNC getting hacked to the internet outage that affected the East Coast, the public saw firsthand the power and the negative implications of hacking. For business owners, big or small, having your website hacked can pose huge issues. For e-commerce sites, not having the right security can compromise your customers’ precious personal data. For other sites, malware can be added that will place hidden links on your site or even cause redirects of your domain to “less than desirable” places. If you are investing in marketing your business online, making sure your site is protected is essential to getting the best results.
The Open Source Problem
WordPress is the world’s #1 CMS (Content Management System) on the web. According to the newest data from W3Techs, WordPress now powers 25 percent of the world’s websites, including sites like TechCrunch, Sony Music, Best Buy, Time Inc. and a number of other notable sites. What makes WordPress so appealing to many developers is its open source platform. This allows for the continual growth and innovation of WordPress from others in the community. While open source platforms are amazing, there is one flaw. If you don’t stay up to date on the latest software and plugins, you leave yourself vulnerable to an attack.
There are a number of ways your site can get hacked. Here are a few of the most common points of entry into WordPress websites, according to an infographic by WP Template:
- 41% get hacked through vulnerabilities in their hosting platform
- 29% by means of an insecure theme
- 22% via a vulnerable plugin
- 8% because of weak passwords
3 Common Hacks
There are a number of ways your website can be hacked. Most of the time you’re not being attacked by a real person, but rather by a bot. Here are three of the most common types of hacks provided by a great article from My Local Web Stop. For more details on these types of hacks, check out the full article here.
Brute Force Attack
A brute force attack is the most common attack on any site. During this attack, the hacker is “guessing” your password over and over until he figures out your password. Hackers no longer do this manually. Instead, they use several scripts running at the same time that are trying to figure out passwords to many sites.
SQL Injection Hacks
SQL Injection is when a hacker enters malicious words and characters into an insecure form in order to exploit the database behind it. Depending on the site, a hacker could use SQL injection to retrieve usernames and passwords, retrieve credit card numbers, alter data, or even delete data.
Cross Site Scripting
Cross Site Scripting, or XSS for short, is when a hacker adds his malicious script to your site. The hacker enters some malicious code into a form which then adds their script to every page on the site. This can cause unwanted redirects from your site to a site that the hacker wants to send your traffic to.
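The stored script described above, and the output encoding that neutralizes it, as an added example that is not from the original article: a comment list is rendered once with the stored text written straight into the page and once with it HTML-escaped, and a parser then counts the script elements a browser would find. The page template, the comments and the attacker.invalid address are constructed.

```python
import html
from html.parser import HTMLParser

PAGE = "<html><body><h1>Guestbook</h1><ul>{items}</ul></body></html>"

def render_unsafe(comments):
    # VULNERABLE: stored form input is written into the page as markup.
    return PAGE.format(items="".join(f"<li>{c}</li>" for c in comments))

def render_safe(comments):
    # FIXED: encode on output so <, >, & and quotes are shown as text.
    return PAGE.format(items="".join(f"<li>{html.escape(c)}</li>" for c in comments))

class _ScriptCounter(HTMLParser):
    """Counts <script> start tags seen while tokenizing a page."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def count_script_tags(page):
    """Return how many script elements the rendered page contains."""
    parser = _ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts

# Constructed comments: one ordinary, one carrying a redirect script.
COMMENTS = [
    "Great service, thanks!",
    "<script>location='https://attacker.invalid/'</script>",
]

if __name__ == "__main__":
    print("unsafe page scripts:", count_script_tags(render_unsafe(COMMENTS)))
    print("safe page scripts:  ", count_script_tags(render_safe(COMMENTS)))
```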
The Impact on Your Business
Having your site hacked compromises not just your information, but the information of your users as well. As a business owner, this can result in a number of negative consequences. Now, some of you may be thinking, “Well I am a small business, no one would want to hack me.” Unfortunately, you’re dead wrong. Sixty percent of all online attacks in 2014 targeted small and mid-size businesses, according to Timothy C. Francis, enterprise leader of cyberinsurance at Travelers. (NY Times) The main reason is that smaller businesses are just easier to hack but still return a ton of value to the hacker.
Another area in which having your site hacked can hurt your business is in your marketing. Having malicious code on your site will directly impact your search rankings. Google and other search engines crawl your site for more than just content and links. They also look to see if the sites are safe for their users. If your site has been compromised, this will lead to a devaluation of your domain until you clean it up.
Cross Site Scripting can hurt your reputation badly. With this type of attack, the hacker can redirect your site to anything they want. So when someone goes to visit your site but instead gets pushed to another unrelated site, your visitors will lose trust in you and may never come back.
How Can You Protect Yourself
There are a number of things every website owner should do in order to protect their site from exposure. Protecting your online assets begins with being proactive. Many business owners know they need to beef up security but just can’t find the time. This is why we add maintenance and security to every site we work on. We know that good online marketing begins and ends with a good and secure web presence. Here are 7 things you must do to keep your site protected.
1. Stay Informed: Make sure you know what the threats are and what they are targeting. Follow updates at a tech site such as The Hacker News.
2. Strengthen Access Control: Make sure all usernames and passwords cannot be guessed. Also, change the default database prefix from “wp_” to something random and harder to guess.
3. Update Everything: Make sure you have the current version of your CMS and plugins.
4. Tighten Network Security: Office computers may be inadvertently providing an easy access route to your website servers. So ensure that:
- Logins expire after a short period of inactivity.
- Passwords are changed frequently.
- Passwords are strong and NEVER written down.
- All devices plugged into the network are scanned for malware each time they are attached.
5. Install Security Applications: WordPress has a number of great security plugins. Here are a few of the top rated ones.
6. Hide Admin Pages: You should never have your admin pages indexed. Use the robots.txt file to discourage search engines from listing them.
7. Use SSL: Use an encrypted SSL protocol to transfer users’ personal information between the website and your database.
I have seen firsthand the impact this can have by getting hacked myself and also from helping others clean up their sites. No site is too small and no niche is safe from being attacked. If you want to protect your investment and reputation online as well as get the most out of your marketing efforts, you need to take security seriously.
This article originally appeared in SMA Marketing.
This article was written by Ryan Shelley from Business2Community and was legally licensed through the NewsCred publisher network.