I’m often asked what a hacker wants a small business website? The general consensus is that hackers target the big guys like banks and big retailers. While true, in today’s market, it is all too common to see hackers target smaller websites. Why? Because they know they are easy targets!
The truth is very few website owners actually consider themselves targets for online attacks; therefore, very little time or money is invested in preventative measures to protect their online reputation. It is typically “assumed” that either their website designer or their hosting provider is doing their part in running backups or regular maintenance on the server. The truth is that unless you are paying for some sort of maintenance service, it is very likely your website is left unprotected making your website vulnerable to going offline completely, losing access to the files, having visitors redirected to another website, using malicious programs to steal data, or having bizarre links showing up randomly on your website promoting other products.
It is frightening that there is a general belief that only big businesses or government agencies are targets for such activity. The truth is that anyone with server space – be it a website or blog, complex retail store, or even cloud storage solutions – are targeted by hackers. Why? Well, the answer to that question lies within the specific goals of each hacker.
What Do Hackers Want From Your Website?
From our experience, getting into the mind of a hacker can be a very complicated place. What drives someone to hack a website typically includes one of two things: 1) to identify a vulnerability in your system in order to steal data, or 2) to create a stream of income in a very sneaky (and likely illegal) manner. Specific scenarios we have encountered include:
- They want to steal customers information like email addresses to sell to Black Hat scammers or use directly in SPAM schemes tricking you with links to websites where you freely give your personal information.
- They want to steal credit card information and use it for their own fraudulent purchases or sell the information to the highest bidder.
- They seek to redirect your web traffic to another web page – likely a website where a purchase supports their own benefit.
- They would prefer to hide their malicious (virus) files that attack others on your server, blending it in with your files thus making it hard to track the origin of an attack back to them.
- Then there are some who are simply brilliant programmers who get bored and seek a new challenge. They look at hacking as a skill-test to keep their skills sharp. (Thankfully, most of these I’ve met are the ethical hackers and then report their findings to the website owner. Granted, some may ask a fee for a small fee to fix the problem for you, but at that point, it’s worth the price to reduce the risk of future loss. Keep in mind that this too can be a scheme tactic for the sneaky ones too!)
Where the real problem comes in is when you are in a position that you know so little about technology; you really have no idea how easy it is to be tricked or have any idea on who you really can trust. This is where we can help.
How To Protect Your Website
Websites, online stores, phone apps, etc. are simply a process of commands written in a coded technical language. When someone who understands that coded language finds (or can create) a loop-hole in that code; whola… you have a hack! To make things worse, really talented hackers can create a program that will just repeat an attack activity over and over again basically automating their process. However, knowing what you can do to protect your website is the first line of defense to make things difficult for potential security threats. The second step is to have a recovery plan in place to restore your website or files as quickly as possible should your defenses fail.
If you use WordPress, there are many things you can do to as the first line of defense to protect your website. A few very basic Security Features every WordPress install should consider include:
- Host on a Dedicated Server, use an SSL access or Shared Hosting with isolated or “jailed” options to protect your files.
- Avoid using the general Admin User. Knowing this is the general setting, retaining it gives hackers an automatic 50% advantage in gaining access.
- Use a WordPress Security Plugin like WordFence to help enforce areas that are most vulnerable.
- Use additional secure coding in primary access files to limit core file access to authorized personnel only.
Every website administrator should also consider Recovery Plan for their website. Since the internet is an ever-changing environment, an option for hack treat remains constant. Having a Recovery Plan in place allows you to quickly discover potential risks before they get out of hand as well as organizes the files you need to quickly recover your site if the structure has been compromised. Things to consider in such a plan include:
- Initiate regular Back-ups of your WordPress system and database files to create a quick restoration solution.
- Make regular updates to your WordPress System, Theme and Plugin files to repair vulnerabilities discovered by their creators.
- Schedule a regular evaluation of your website hosting files (including the root directory) looking for questionable files.
- Create a regular process to have users change passwords that require a combination of complex characters (i.e. $&@>, numbers and letters).
When it comes to cyber-security concerns, these are just a few tips to consider in defending your website. To learn more about how cyber threats can impact your particular business, contact us at 636-379-1750 to schedule a Website Evaluation.
About the Author: Julia Eudy is the founder of Golden Services Group and experienced online marketing professional. Her proven skills assist business owners to develop a solid online strategy, track data analytics, write compelling SEO-ready copy and creates a focused communication process to promote long-term referrals.