Hacking Your Website – Why It’s Crucial to Update Your Website’s Back End

Just as most people think that the launching of a website will immediately and automatically drive business up by 200%, they also believe that once the site is done, that is it. There is nothing more to do. But this could not be further from the truth.

At Simplicity Lone Beacon we specialize in building top of the line websites within the Content Management System, WordPress. WordPress is a highly customizable, open-source CMS that is fast, flexible and extremely powerful. WordPress is so popular that an estimated 63.6% of all the websites who use a content management system uses WordPress. This is 43.1% of all websites on the internet. ⁽¹⁾ WordPress is also used by some of the biggest and most well-known brands in the world. Brands like Sony Music, Time Magazine, The Rolling Stones, The White House, Variety and more.

But as they say, “With great power comes great responsibility.” True WordPress is a very powerful tool, and because of that and it’s extreme popularity, it makes it a very large target for hackers who can’t wait to sink their cyber hands all over it.

• A cyber attack happens once every 39 seconds.
• 95% of cyberattacks are due to human error.
• 43% of cyber attacks target small businesses.
• Only 5% of company’s files and folders are properly protected.
• 30,000 websites a day are hacked.
• On average Simplicity Lone Beacon’s Security protocol blocks 144 bad IP addresses per week, per site!

Why do people hack WordPress sites? In the end a person’s main motivation is often never truly known, but one main reason people hack will hack your website is to steal personal information. Whether yours or your clients, they aren’t picky. Here are the top 6 reasons your site might be hacked:

1. For Ransom. A hacker will hold your website and its files for ransom, most of the time requesting an insane amount of crypto currency, and often, never releasing your files after. Rather, just for fun, they destroy them.
2. Cross-site Scripting. This works by getting someone to load up websites that have insecure JavaScript on it. This JavaScript is then programmed to steal their browsers data.
3. Malicious Code. The hacker wishes to inset a malicious code that can attack your visitor in some way and do irreversible damage. Such as deleting files, folders, and even destroying the computer’s hard drive.
4. Catch And Release. Another reason people hijack websites, is to use it to phish visitor information. Phishing is a way people trick the visitor into entering and sharing personal information such as passwords, bank accounts, and credit cards. And it may not stop there. The then bad apple, will take that personal information they phished and sell it on the dark web to the highest bidder.
5. Exploiting Resources. Instead of using their own server, spam from their own account, and ruining their own reputation, a hacker will instead use yours. They do this by mining off your website’s resources. An example of this would be a “denial of service” attack, better known as a “DDoS”. A DDoS is an attack in which multiple compromised computer systems attack a target – such as a server, a website or other network resource – to disrupt the flow of traffic and cause a denial of service for users of the targeted resource. In laymen term, they use your resources to crash another person’s website.
6. Why Not. A lot of the times they do it just because they can. Often someone will hack your site just so they can put “Site Hacked By Mack Pack” or whatever their calling may be. It’s the digital equivalent of spray painting a building.

Most of the time when we inherit a website their plugins and theme files are out of date and many versions behind. 99.45% of all security vulnerabilities come from outdate plugins and theme file.⁽⁴⁾ This is why it is crucial we give just as much attention, if not more, to the backend of your website as we do to the front facing portion. Of course, it’s essential that we present all of the content to the visitor in the best, most digestible and eye pleasing way possible. But their safety and personal information is of the utmost importance.  Because of this, we have developed a very detailed, redundant, and strict security and maintenance protocol.

Now you’re probably wondering if 30,000 websites a day are hacked, how can you prevent yours from becoming one? First, don’t ignore it. Your website is like a car, or a new iPhone. For it to work at its most efficient, it needs love and care. It needs to be maintained, monitored, and updated.

Here are a few things that should be considered:

• Set an update protocol. Don’t wait weeks or even months to check for and install updates. This is a process that should be done weekly, if not daily.
• Enforce strong passwords to login to your website.
• Enact Two Factor Authentication when possible.
• Create daily backups of your website.
• Set your WordPress core files for automatic updates.
• Repair and optimize your database periodically.
• Ensure your PHP version is always up to date.
• Install and utilize real time hack alert software.
• Set daily malware scans.
• Keep up to date with the latest security information.
• Audit your users monthly.
• Stay away from a shared server.
• Make sure you’re using a reputable hosting company.

I know what you’re thinking, that sounds like a lot of work to ensure my website is safe. And you’re right, it is. And that’s where we come in! Our hosting and maintenance program at Simplicity Lone Beacon includes all of the above and much more. We are dedicated to keeping your website, your personal data and your visitors as safe as possible.

There’s no guarantee you will never get hacked, but there are ways to safeguard yourself, and your site.  Rule No. 1 is BE AWARE of the threat and be proactive. You wouldn’t leave the key in the front door to your house when you’ve gone away, because that would be asking for trouble.  Like most people you’d lock-up, take the key and you may even have a security system and camera’s. These precautions may not prevent a security threat altogether but they sure would reduce the risk. And make the resolutions easier.

It takes a hacker less than a day to ruin a reputation you and your website have built. And it takes more than 6 months to fully recover that reputation and even begin to reverse the damage done to your website and its SEO.