Website Hacks: It’s Not a Question of “IF” but “When”
One of the hard facts of life on the internet is that hackers are relentless, and IT professionals across the board agree that it’s not a question of “if” but “when” a website will be attacked. Small to medium-sized businesses are especially attractive targets for cyber-criminals because they often lack adequate security, or are lagging in best security practices.
Attacks by hackers can lead to data breaches, compromising customer information and sensitive data such as banking information. For creative websites, intellectual property may be stolen. Any site online today is subject to hacking, so security should always be a priority in website design.
Hacker Attack Frequency
At the time of this writing, close to 42,000 attacks per minute were occurring, according to live real-time monitoring at the Wordfence security website.
That’s a relatively slow day for the hackers. In a report at Domain Name Wire posted in August of 2017, 136,640 attacks per minute were occurring. With hacking so prevalent and the cybercrime threat growing every year, it’s prudent to make security for your WordPress (or any other website) a high priority. First, we’ll take a look at ways to recognize when your site may have been compromised by a malicious actor, more commonly known as a hacker, and then we’ll show you what you can do to protect your website.
Signs That Your Website Has Been Hacked
- Login Lockout – A hacker may have changed the password or deleted your admin account to assume full control of the site, making it impossible to access your dashboard.
- Slower Speed – The site may have been infected with code visible only to crawlers. Google tracking may drop your search engine ranking.
- Email Issues – Difficulty sending and receiving email can be caused by malicious code that is using your IP address to send out spam.
- Visual Changes – This is the most obvious sign of hacking when theme files have been compromised. New links or explicit content may be visible.
- New User Accounts – New accounts appear even though you don’t permit new user registration on your WordPress site.
- Drastic Traffic Changes – Extremely low daily traffic can be a sign that the site has been hijacked, and a hacker is redirecting your traffic to spammy sites.
- Security Software Alerts – Security scanning plug-ins such as Wordfence and Sucuri will alert you to most types of malicious activity.
Wordfence Security Plug-in
Wordfence is the most downloaded website security plug-in for WordPress websites and is currently protecting up to 1 million WordPress websites, with over 10 million downloads overall. Wordfence features a constantly updated defense feed to stay one step ahead of hackers, and the Live Traffic view can show you attempted attacks in real-time. The advanced suite includes brute-force attack protection, country blocking, and advanced manual blocking for optimized control over exactly who can access your website.
Brute force attacks are also known as DDoS for Distributed Denial of Service. This is an attack which overloads the website with traffic from multiple computer resources under control of the hacker. According to Digital Attack Map, more than 2,000 DDoS attacks occur daily and are responsible for 1/3 of all downtime.
Sucuri Scanning and Malware Attack Recovery
If you suspect that your WordPress site has been hacked you can get a free scan by entering your URL on the Sucuri Free Scan webpage.
If it turns out that your website has been compromised by malware, Sucuri offers malware and website cleanup with no page limit. They also offer brute force attack protection and security monitoring, as well as blacklist removal.
Best Security Practices For WordPress Websites
- Always change the username from the default “admin”. Failure to make this simple change is like opening the front door to your website and is commonly exploited by hackers.
- Use strong passwords – Weak passwords with a few numbers and letters may be easy to remember but they increase vulnerability to hacking. Strong passwords include at least 12 characters, upper and lower case letters, numbers, and special characters.
- Avoid using insecure themes and plug-ins – Hacked theme files are a known repository for bad code from hackers. Use only WordPress approved secure themes and plug-ins.
- Use a Reputable Website Security Provider – Hackers are continuously exchanging information and new exploitation techniques, and you need professional security help to stay ahead of the cybercrime wave. Real-time scanning and monitoring can alert you and let you minimize damage with prompt action. Firewall protection can prevent many attacks from occurring in the first place.
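The "New User Accounts" sign and the default "admin" username practice can both be checked from a user export. The script below is an added example, not code from Wordfence, Sucuri or WordPress; it assumes a CSV in the shape produced by `wp user list --fields=user_login,user_registered,roles --format=csv`, and the sample rows and the `KNOWN_LOGINS` list are constructed for illustration.

```python
import csv
import io

# Constructed sample in the shape of
# `wp user list --fields=user_login,user_registered,roles --format=csv`.
SAMPLE_EXPORT = """user_login,user_registered,roles
admin,2019-03-02 10:15:00,administrator
jsmith,2020-06-11 08:40:12,editor
wpsupport_x,2024-01-19 03:22:51,administrator
newsletter77,2024-01-19 03:25:07,subscriber
"""

# Assumption: logins the site owner knows to be legitimate.
KNOWN_LOGINS = {"admin", "jsmith"}


def audit_users(export_csv, known_logins, registration_open=False):
    """Return (severity, login, reason) findings, most severe first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        is_admin = "administrator" in roles

        # Best practice: do not keep the default "admin" username.
        if login.lower() == "admin":
            findings.append(("medium", login, "default 'admin' username in use"))

        if login not in known_logins and not registration_open:
            # Sign of compromise: an account appeared while sign-ups are off.
            severity = "high" if is_admin else "medium"
            findings.append((severity, login,
                             f"unknown account registered {row['user_registered']} "
                             f"with roles {sorted(roles)}"))
        elif login not in known_logins and is_admin:
            # Open registration should never produce an administrator.
            findings.append(("high", login, "unknown administrator account"))

    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, login, reason in audit_users(SAMPLE_EXPORT, KNOWN_LOGINS):
        print(f"[{severity}] {login}: {reason}")
```

An unknown administrator account is graded highest because it matches the Login Lockout scenario, where an attacker holds full control of the dashboard.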