There are some misconceptions or myths that small business owners and small website owners often have. These myths can actually be dangerous, and often cost a lot of money in the long run.
I have a small business/website, no one is going to hack me because there are bigger fish out there.
This is unfortunately a very commonly held belief among small business owners and small website owners. The truth is, hackers attack ALL websites, not just the bigger, well-known companies.
You might think, why would they waste their time on my site? The reality is, they're not. Hackers create bots, which are often part of a botnet (a network of tons and tons of computers infected with the bot software). These bots constantly scour the internet, trying to break into admin panels of sites, trying to inject malicious code through contact forms, and trying to repurpose forms into spam delivery systems. These bots also often try multiple methods of breaking into a site, looking for common vulnerabilities, often found in earlier versions of software.
Hackers deploy these bots and they go to work with minimal effort by the hacker. Once a bot finds a vulnerable site, it often reports back to the hacker - "Hey, this site is vulnerable!" The hacker then breaks into the site, either manually or using a script, and often changes the content of the site in such a way as to make money off of your site, often displaying ads for some less than family-friendly products and services. They can completely sabotage your online presence and get you blocked from Google search due to malware. If you offer online services, your whole business could be in jeopardy. They may steal any information you have in your site's database - including any client information you have stored there. They can send spam to your clients in a way that looks authentic, as if it came from you. They can infect your clients' computers with malware by providing them download links to files that initially look like they could really be from you. Hackers may even hold your site ransom, demanding money from you or your business until you pay them. (Do not pay them; seek help from law enforcement and a web development/security company. At SpinGroup we've handled cases like this, restored clients' sites and locked hackers out.)
You may be thinking these are scare tactics and a worst-case scenario, but it's actually a very real problem, and it's not a new one.
Other notable statistics:
60% of the hacked WordPress sites had malware, which can lead to getting blacklisted and to your site's visitors becoming infected. 71% of hacked WordPress sites had a PHP backdoor, which allows the hacker to continue to perform ongoing malicious actions on your site without needing access to your WordPress admin panel.
Statistics found on Sucuri's website.
How to secure your site
First, it's important to know you can't make your site invincible to attacks from hackers, just like you can't make a building impervious to robbers. Instead, security is a deterrent, intended to drastically slow the attackers until either better security can be added or they can be caught. The only way to make a website impervious to hacking would be to host it on a computer that is never turned on - and that would completely defeat the purpose, as no one could access it. Securing your site does a few things:
- Makes you less of a target (most hackers don't want to spend their entire day trying to get into your site, unless they've got a serious grudge).
- The more secure the site, the more skill it requires from hackers. This often keeps out the majority of hackers - whom the industry calls "Script Kiddies". These people often use tools created by smarter hackers to break into sites with old vulnerabilities.
- A secure site buys you time. If a hacker is determined to break into or infect your site, it will take them a lot longer to find a vulnerability if you follow best practices. If it takes the hacker long enough, it's possible your site will get updated during the time they're spending on your site, and any previous security holes will get patched, making their task even harder and more time-consuming.
The easiest way to keep your site secure is to keep your site's software up to date. This means CMS core updates, plugin updates, and theme/template updates. Take regular backups. Another good practice is regular security scans. If you frequently update your site yourself, you and anyone else who does should follow good personal security practices and regularly scan and maintain your computers. Otherwise your computer could be the way the hackers get access to your site. It's like telling a vampire they can enter your house: don't do it!
At SpinGroup we realize most business owners want to focus on running their business and don't want to think about maintaining their site, keeping up with the latest security news, and securing their site. This is where SpinGroup comes in. We offer WordPress Concierge, a service for businesses of all sizes. Here's what we'll do for you:
- Keep your WordPress Core up to date.
- Keep your plugins up to date.
- Keep your site backed up on a regular basis (daily).
- Regularly scan your site for vulnerabilities, at least once a month and often more frequently than that.
- Based on what makes sense for your budget and your business, we allot a set amount of any-use hours per month to do miscellaneous tasks for you related to your website, from installing and setting up plugins/themes to teaching you how to update portions of your site yourself if desired.
- If your site gets hacked while under our WordPress Concierge plan, we find out quickly, and thanks to the preventive and preparative measures we take, we get your site safely back to the state it was in before the hack quickly and efficiently, minimizing any damage the hackers may have caused. We then take further precautions to ensure there are no traces left behind by the hackers and that proper security precautions have been taken to prevent them from re-attacking.
- We can't guarantee a specific amount of time it will take to recover your site, as it always depends on how badly it was attacked. On average we get hacked sites back into working order within a few hours, and even for some of the most severe situations it's often within 24 hours.
If you're interested in this service, please contact us using our contact form and let us know what you're looking for, and we'll get back to you.