Ever had your website hacked? Sometimes it’s obvious — you go to your website and something other than your content appears, instantly jolting you into a state of dread and dismay. If you’ve not experienced a website defacement before, you may not know what to do about it, which makes it even worse.
But, at least you know an intrusion has occurred.
Lately, hackers have stepped up their use of stealth hacking to compromise websites. Instead of announcing themselves by defacing your website, hackers leave code in place to perform a variety of misdeeds while you, the site owner, are none the wiser.
Search engines, however, can detect malware and blacklist the website, leaving you with a red banner over your content and probably a red face to go with it. Even so, search engines only find a portion of all malware infections, and they don’t block all the infected websites they find.
In 2018, only about 15% of malware-infected sites identified by search engines were blacklisted, about 4% less than the previous year.
According to SiteLock.com, a website devoted to website security: “Search engines are using greater caution when blacklisting websites to avoid reporting errors at the site owner’s expense. When a blacklisting occurs, the consequences can impact a website’s traffic, reputation, and even profitability.”
4 Common Website Security Vulnerabilities
These web page security vulnerabilities are commonly used by hackers to exploit your website. Learn what they are, and the best way to secure your website against them.
1. The Login
“Brute Force” attacks are automated attacks used to crack a login or PIN. In a brute force attack, a software program goes through a series of guesses, for example, a list of words from a dictionary.
Dictionary attacks are still used but not as often as they once were because computer processing power has increased. A modern computer can crack an eight-character alphanumeric password in about 2 hours, no dictionary needed. Guessing every possible combination of letters and numbers is called an Exhaustive Key Search.
Other types of brute force attacks include Reverse Brute Force attack, where a common password is used to try to guess a username, and Credential Recycling which uses previously discovered user/password combinations.
2. Lack of Server Security
If the hosting environment of your website is not secure, then neither is your website. Some budget hosting plans are at increased risk for intrusion due to the high volume of websites and traffic on a single server. If it becomes infected, the hosting company could be forced to shut down your website to prevent harm to other sites on the same server. And, it would be you that contracts and pays for the cleanup.
It’s usually preferable that experts deal with a malware infection than to do it yourself. So, a hosting plan with excellent support, such as managed hosting, is beneficial for security.
Website builders and CMS platforms like WordPress depend on third-party plugins or extensions to provide the capabilities of the modern website. Contact forms, event schedules, SEO, layout editors, popups, and a host of other functions come by way of plugins.
Hackers exploit weaknesses in the code of plugins to gain access to the site. Once in, they can leave malware, create user accounts, and wreak all sorts of havoc.
Content Management Systems like WordPress, Joomla, Drupal, and others are vulnerable to hackers, even without plugins. Always update your CMS whenever a security patch is released. For professionally managed web design in Austin or Houston, contact MARION today!
How Prevalent Is Hacking?
You might be surprised to learn that automated programs have been trying to hack your website today, and yesterday, and they’ll be back tomorrow.
SiteLock has this to say about the rate of hacking attempts in 2018, from their SiteLock 2019 Website Security Report:
“Website attack attempts per day grew by 59% from January 2018 to December 2018, ending at a peak of 80 attacks per day and averaging 62 attacks per day for the year. Rising attack volume suggests cybercriminals are automating their attacks to expand their reach and frequency. However, the sample of infected websites remained steady at about 60,000 throughout the year, indicating that website security tools are likely becoming more successful at combating the increasing number of attacks.”
How Do I Secure My Website from Hackers?
Here are six high-level options to protect your website from hackers in 2020 and beyond.
- Use strong passwords and never re-use a password. Use a password management system that stores your passwords and fills in login details for you. Password management systems can also generate random character string passwords for you.
- Choose plugins and extensions for your website carefully. Look for evidence that its maker supports the plugin. A list of recent updates, the number of users, and reviews are all criteria to consider before installing any plugin. For further help with WordPress web design in Houston, contact MARION today.
- Keep plugins up to date and delete any that are not in use. Enable automatic plugin updates where possible. An intrusion is far worse than the occasional inconvenience that an unattended plugin update may cause.
- Keep an eye on your website — inspect it at least once per day.
- Scan your site for malware every day. There are several ways to obtain automatic malware scanning, from plugins to paid services. Sucuri is a good free option for manual scans, but research paid options for more in-depth scans.
- Use a website application firewall to detect intrusion attempts and limit access to your website as needed. There are also different types of SSL certificates that can be used to protect access to your site.
Contact MARION for Professional Web Design & Maintenance
The MARION Marketing Agency has nearly 40 years of experience working with Texas-based businesses. Our digital marketing capabilities have evolved with the industry, and we now offer custom web design services in Houston and Austin, as well as ongoing marketing.
Contact us today to schedule a free marketing consultation, and we can discover how to best grow your business together!