- Good news! We are ready to transfer 5.8 million dollars to your bank account!
- We are an IT Based Company from India and would like to make a mobile app for your business
- I found your web contact email and would like to discuss big business opportunity with you.
Is it just me or do you get these emails sent through your website’s contact form as well?
If you’re lucky, that’s about the worst of it. Over the last few years, I’ve seen things that would turn most peoples stomachs like this:
Or worst yet (stay strong), like this:
How did this happen! Why did they attack me? I just have a simple [fill in the blank with your company type] website. It’s not a political site and doesn’t store any personal information in it. Why would I get hacked?
Is it something personal? – No
Is it a hate crime? – No
Is there a solution? – Yes
So let’s first break down some common myths and get right to what you need to be aware of and doing to keep your site from looking like one of these unfortunate examples.
My site is secure and cannot be hacked.
Pardon my uncontrollable laughing but any site is hackable. From the smallest, most basic site, to ones that have several layers of security, an SSL and are behind a firewall. All sites are vulnerable to a degree.
Sites that have a login area are the most vulnerable, so if you have a site build on WordPress, Joomla, Drupal, SquareSpace, Shopify, Wix, or any of the other popular website builders, you could be a target. Hackers are able to use a large toolbox of hacks to gain access to a site like this.
My site is not very popular and should be under the radar of any hacker
News Flash! Not all hackings are done by humans. Has Skynet finally built the Terminator? No, but just as evil, hackers build “bots” that look for sites with vulnerabilities and they do the hacking for them.
How does this happen you might ask? Good question. Some ways they do this are by sending out these bots or scripts that look for sites with things like old Copyright dates in the footer, platforms like the ones above that have not been updated to the latest version or sites using plugins that are outdated. These scripts can look for versions of the code your site uses and exploit weaknesses that have been found. The reason most of these updates come out is that weaknesses have been found and patched.
So what do I look for to see if my site has been hacked?
This will vary. Back in the day, hackers would love to take over the home page of your site and post something as seen above. This would essentially plant a flag on your site as having been conquered. Much like a graffiti artist tagging a wall, some hackers like to leave their mark for others to see.
But….. this isn’t always the case, especially these days. Seeing a home page “redesign” from a hacker is immediately obvious and is usually taken down within a few hours or days and essentially pointless. So they have decided to change tactics.
What hackers are doing now is things fly a but under the radar. They do things like:
- They send scam, phishing or virus-filled emails through contact forms on your site, trying to look like a possible customer or client.
- They gain access to your site and add code that Google will see, gaining backlinks to websites of their choosing, usually selling prescription drugs or Rolex watch knock-offs.
- They get access to your hosting and set up mini sites trying to scam people for their credit card numbers.
- They redirect certain pages on your site to websites of their choosing.
Needless to say, this can be just as annoying as the home page “redesign” hacking option, unless of course they just go in and delete all of your site content, which does happen occasionally.
OK, you’ve got me scared enough to consider doing something about this. How do I secure my site and prevent this from happening?
Of course, there is no 100% foolproof way to prevent this, so instead, if you take preventative measures, you’ll be able to eliminate most basic hacking attempts and more quickly recover from a bigger attack.
Here are the biggest things we recommend to prevent and prepare for worst-case scenarios:
- Keep your site up to date. We can’t stress this enough. Just like your phone has constant updates for apps and the iOS software, keep your site updated. We keep our client’s sites updated weekly since updates can come out at any day and any time.
- Run weekly website backups and keep copies offsite. We run backups 3 different ways; onsite, offsite and at the server level. This gives us the chance to do a quick recovery should anything happen.
- Run daily virus scans looking for any changes on your site. There are different ways to do this, but essentially, set up a service that will look for changes and notify you if something is detected. This will let you get the jump on the potential hacker and prevent major loss.
- Limit login attempts. I’m sure you’ve been to a site that you could not remember your password to and were locked out. This prevents hackers from trying what’s called a “dictionary attack” where they try unlimited attempts at guessing your password. Again, any site with a login area is vulnerable to this.
- All hosting is not the same. Choosing a cheap $5/mo Godaddy hosting plan puts you on a server with 100’s of other websites. There is potential that if another site on the server gets hacked, they can get access to yours as well. PGN for instance uses a dedicated server where we limit the number of sites that go on it as well as monitor for potential threats and can install additional security measures.
Is it possible that you can have a site for years that has a login area and plugins that never get updated and you will never be hacked, but is it worth the risk?
At PGN, we work to help you care for your investment by offering what is essentially insurance for your website. Unless you know enough about websites and preventative measures, then by all means maintain your website on your own, but should the unthinkable happen, will you know what to do to correct it?
If you’re interested in learning more about our website care package, contact us by clicking here and we can assess your site and offer advice on how to best protect your website.