Why People Hack Your Website and How To Protect It
Within the past few months, our team webmaster, Helen and I have been fighting hacked websites and installing security measures on client sites due to the massive increase in hacking. We always receive the same questions, “Why my site?” Helen and I always wondered the same thing too but were more interested in repairing or preventing the problem. I read a blog post recently on Wordfence that has answered all our questions.
In order to protect your website from hackers, it is important to understand the criminal mind, so that you understand why website security is so important! Some security measures can be expensive, but there are free ones out there as well. Sometimes though, clients are on a tight budget, and think, “I’ll be fine – after all, there is no reason that anyone would want to hack into my site.” Think again!!
Your Website Is Attractive Web Real Estate
- It is run on a server that the hacker can use to run his/her programs;
- It is on the Internet and probably unknown by search engines yet;
- It’s possible that user data may be available through the backend;
- It should have some traffic coming to it, whether it is organic search traffic or inbound marketing traffic;
- It’s probably highly valuable to you.
Hackers Run Their Programs On Your Server!
One of the worst infections we recently repaired was a Coinhive infection where a cryptocurrency mining program was installed on a client’s website server. All this program does is uses the computing power of the web host server, (and a lot of electricity), to mine for cryptocurrency (Bitcoin, Monero, etc).
How We Fixed The Coinhive Infection
Our client’s web hosting package included a free subscription to SiteLock Lite, (thank God!). This was the service that alerted us to the infection and immediately took down the infected website. SiteLock Lite is a step up from the host’s security software that scans for malicious files on a weekly basis. The SiteLock Lite scan occurs daily. Unfortunately, this free subscription does not include any repair services.
Helen and I weighed our options of cleaning the mining files out of the client’s website which included:
- Have Helen manually remove the infected files and risk missing some or removing something needed to run the site.
- Purchasing a higher level subscription of SiteLock which would run a software program to remove malicious files.
- Purchase the highest level of SiteLock subscription where SiteLock techs would manually go through the site and clean it up as well as monitor/prevent any re-infections.
Even though option 3 was the priciest, the client wisely chose it because of the ongoing support provided. It didn’t take long at all for the SiteLock team to get to work, remove the infected files and get the site back up and running. In fact, the next morning we were live again!
In addition to SiteLock’s 6-month subscription, we decided that we would provide our website update service monthly rather than quarterly because once a vulnerability is discovered on your website, the url is logged on the dark web and reinfection will be attempted over and over. This is why it is an important security measure to keep your files and plugins up to date. Usually, when a security hole is discovered in a plugin, the author will repair it and send out an update.
Protect Your Website From Hackers
At eZone Virtual Services, we include the following basic website security measures in our website packages. More robust protection is provided when requested.
- Installation of Free SSL Certificates offered by hosting companies;
- Installation and configuration of a free plugin that protects the login function of the website;
- SiteLock Lite (as offered by hosting company)
- Installation of a free security plugin
- Installation/configuration of a secure backup system
Remember, nothing is 100% secure on the web. If you’d like pricing on designing a WordPress website, maintaining an existing site or blogging support, please reach out to me here.