As I am writing this first sentence of this blog post, someone’s website/blog is being hacked. On average a website is hacked every 5 seconds, with 30,000 websites being hacked into every day.
A common response from many website owners is “Why would anyone want to hack my site? I’m not running e-commerce. I don’t have any credit cards online to steal.” While credit card and data theft are common reasons for hacking, there are many other reasons why a hacker may be interested in your website. Here are a few common ones just to give you a taste:
1. Use your site as a mule
Hackers that want to do broader attacks will create a botnet (this is a large network of compromised computers) that they can use to attack other sites.
A botnet makes it harder for the authorities to detect who is doing the hacking and also makes it harder to stop.
These botnets can be used for a broad hacking attempt, or for a “Distributed Denial of Service” (DDoS) attack, where they try to overwhelm a site with so much traffic that the website shuts down.
In recent months, these have been used in attacks against financial institutions as well as government websites and systems.
2. They Use Your Site for Downloading Malware (Trojans, Viruses)
Hackers who want to use malware to infect other people’s computers need a site or sites on which to store the dangerous files.
They obviously don’t want to use their own servers, which could easily be traced back to them.
So, they will hack a site and upload their malware to it. Then, when the hackers send out their spam, the unsuspecting people may actually be downloading the malicious files from your website.
3. Just for Fun and Bragging Rights
Yes, they can destroy all your hard work and toil on your site just for a bit of fun and so they can brag to their mates down the pub.
So how the heck do they get into my site in the first place?
The sites that get hacked are predominantly WordPress sites, and there are common modes of entry.
41% of hacks get in through the hosting company, 29% through your theme uploads, 22% through plugin uploads and, surprisingly, only 0.8% through weak passwords.
So let’s look at how we can prevent these security issues in the first place and then look at a couple of plugins to help you.
1. Always keep WordPress up to date. Nearly all updates of WordPress have improved security features, so make sure you upgrade whenever a new version of WordPress is published.
2. Never use the default admin account as part of your login. WordPress installs naturally default to admin as the user, so make sure you use a scrambled login that no one could guess. Never use your name or the name of the site.
Remember to use CLU: Complex, Long and Unique
3. Get rid of any login link on your blog. There is no need for it and it just welcomes the hacker to have a go.
4. Make sure you lock down file access and read/write access on your website.
5. Always use a WordPress security plugin and limit login attempts on your site.
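One way to check step 4 on your own server, as an added example that is not part of the original post. The baseline it enforces (directories 755, files 644, wp-config.php 600) is an assumption, since the post gives no numbers, and the function names and demo tree are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit and tighten permissions on a WordPress tree.
# Assumed baseline (not from the post): directories 755, files 644,
# wp-config.php 600. Adjust if your host runs PHP as a different user.

# Print one finding per line; print nothing when the tree is clean.
audit_wp_perms() {
    [ -d "$1" ] || { echo "ERROR not a directory: $1"; return 2; }

    # Anything writable by "other" can be changed by any account on the
    # server, which matters most on shared hosting.
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort |
        sed 's/^/WORLD-WRITABLE /'

    # wp-config.php holds the database password and auth keys, so
    # "other" should have no read, write or execute bit on it.
    if [ -f "$1/wp-config.php" ]; then
        find "$1/wp-config.php" \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
            sed 's/^/CONFIG-EXPOSED /'
    fi
}

# Apply the assumed baseline. Run as the account that owns the files.
harden_wp_perms() {
    [ -d "$1" ] || return 2
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ -f "$1/wp-config.php" ]; then chmod 600 "$1/wp-config.php"; fi
}

# Constructed demo tree so the script can be tried offline.
make_demo_tree() {
    mkdir -p "$1/wp-content/uploads"
    echo '<?php // constructed sample' > "$1/wp-config.php"
    echo '<?php // constructed sample' > "$1/index.php"
    chmod 777 "$1/wp-content/uploads"   # deliberately too loose
    chmod 666 "$1/index.php"            # deliberately too loose
    chmod 644 "$1/wp-config.php"        # readable by "other"
}

# Usage: ./audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit_wp_perms "$1"; fi
```

Run the audit first and read the findings before calling `harden_wp_perms`, because some hosts need the web server's group to keep write access to the uploads folder.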
Talking of security plugins, one that I always use is the Wordfence plugin. This plugin gives great security to your site and is free to use and easy to set up. The installation guide is below.