Website hacks have been consistently on the rise for years now. Here’s just one example:
In March 2015, a security vulnerability was identified in two WordPress plugins by Yoast. One of them—WordPress SEO by Yoast—is one of the most popular plugins for WordPress, meaning that this security vulnerability put a large number of websites at risk of attack from black-hat hackers.
By mid-April, it was discovered that misuse of several functions commonly used by WordPress plugin developers had made those plugins vulnerable to what is known as Cross-Site Scripting (XSS), a common application hacking technique which enables attackers to inject a client-side script into site pages. This vulnerability can give access to sensitive data like credit card numbers, personal information, social security numbers, even medical records.
Millions of Websites Potentially Affected
Website security company Sucuri noted that dozens of WordPress plugins were affected by this vulnerability. It is hard to give exact figures, but considering that WordPress runs nearly 30% of the internet, the number of sites potentially affected by this single vulnerability is huge.
Unfortunately, these sorts of website hacks happen all the time. Hackers regularly exploit website security vulnerabilities, leak data, and, in some cases, hold your website or important documents hostage for real money. If you’re not paying regular attention to these issues as they arise, your site could be next.
How do these hacks even happen?
Hackers usually use search engines to identify common website security vulnerabilities. They then exploit these vulnerabilities by injecting malicious code into your site using the newly discovered security gap.
In other words, before you realize what has happened, your site is infecting user devices with viruses, forwarding to a porn site, bloated with spammy, SEO-killing content, or, in extreme cases, the victim of ransomware, where a website or document is held hostage until the victim pays a price.
Okay, we don’t mean to scare you! Your website is probably fine, but just in case you’d like to prevent this from happening, what can you do?
Stay away from DIY websites
Part of the problem is that we are living in the age of DIY websites. ‘Free’ website building tools and inexpensive web hosting have broken down barriers to entry for many aspiring website builders while also increasing vulnerabilities.
Empowering people with easy access to web tools is a great thing, but this also leads to an inevitable increase in security vulnerabilities. What makes many of these tools so useful is also what makes them so vulnerable. Lack of knowledge about web servers, software security, CMS and plugin updates, or poor system administration practices commonly lead to hacked websites.
Five simple things you can do to prevent website hacks:
- Keep your content management system up-to-date with the latest software.
- Use premium or custom themes or plugins when possible. You get what you pay for with anything free. Premium software often includes support and free updates.
- Always run the very latest version of CMS plugins and themes.
- Make sure all users have strong passwords. Remove legacy users.
- Remove any unused themes or plugins once they are obsolete.
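The update and clean-up items in this list can be checked from the command line. The script below is an added example, not part of the original article: it assumes WP-CLI (`wp`) is installed on the server, and the function names, the sample plugin slugs and the `/var/www/html` path are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: flags plugins/themes that need an update or sit unused.
# Assumes WP-CLI; function names and the sample data are illustrative.

# Reads the CSV printed by
#   wp plugin list --fields=name,status,update,version --format=csv
# (or the same with `wp theme list`) on stdin. $1 is a label for the report.
audit_extensions() {
  awk -F',' -v kind="$1" '
    { sub(/\r$/, "") }            # tolerate CRLF line endings
    NR == 1 { next }              # skip the CSV header row
    $3 == "available" { printf "UPDATE %s %s (installed %s)\n", kind, $1, $4 }
    $2 == "inactive"  { printf "UNUSED %s %s\n", kind, $1 }
  '
}

# Constructed sample in the same column layout, for trying the filter offline.
sample_plugins() {
  cat <<'EOF'
name,status,update,version
contact-form-example,active,available,4.1
seo-example,active,none,2.3.0
old-gallery-example,inactive,available,1.0.2
hello-example,inactive,none,1.6
EOF
}

# Live run against a real install; $1 is the WordPress directory.
audit_site() {
  wp --path="$1" core check-update
  wp --path="$1" plugin list --fields=name,status,update,version --format=csv |
    audit_extensions plugin
  wp --path="$1" theme list --fields=name,status,update,version --format=csv |
    audit_extensions theme
}

# Usage: ./audit.sh --live /var/www/html   (no arguments: run on the sample)
if [ "${1:-}" = "--live" ]; then
  audit_site "${2:?usage: $0 --live /path/to/wordpress}"
else
  sample_plugins | audit_extensions plugin
fi
```

Lines marked `UPDATE` correspond to the "latest version" items in the list, and lines marked `UNUSED` are candidates for removal; an inactive plugin that is also out of date appears under both.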
There are of course many, many other things you can do to make your website more secure, but keeping web software up-to-date and passwords strong are at the top of the list. It is also worth noting that while no system is flawless or impenetrable, the WordPress core is very secure. The overwhelming majority of vulnerabilities are introduced by plugins or not keeping software up-to-date.
If you are the least bit unfamiliar with any of the above terms or how to accomplish these tasks, call a web developer or a company that builds websites. It may cost you extra money, but the expenditure will be far greater if you wait until after your site has been hacked. Your peace-of-mind is worth the expense in the long run.
Check your passwords!
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but it is equally important to insist on good password practices for your users to protect the security of their accounts.
As much as users may not like it, enforcing password requirements, such as a minimum of around eight characters including an uppercase letter and a number, will help to protect their information in the long run.
To sum up
Good website security starts with you! That means choosing a reliable website builder or hosting provider, making sensible choices about how you run your site, and putting in the extra effort to make passwords secure. And don’t forget that we’re here to help you along the way!
Hopefully you’ve learned how to secure a website, and have found it’s not as hard as you first thought. You don’t need tech skills or a huge budget to make your website secure – as our list has shown!