Companies of every size and industry face the risk of being a victim of a cyber attack, regardless of where they host their website. Research has estimated that a cyber attack takes place every 39 seconds, so taking measures to secure and defend your site from these attempts is of the utmost importance.
Why they hack.
Sites can get hacked in several unique ways, but there are three main reasons why most hackers hack websites:
- Steal or leak information. The most common reason that sites get hacked is because the hacker is hoping to access information that they can use, leak, or sell. That information might include private information on employees, clients, or site users, confidential documents, or financial data like credit card or account numbers. Hackers typically steal this information so they can assume someone’s personal identity and/or steal funds. They may also attempt to sell this information back to you, to a competitor, or to another fraudster.
- Disrupt services. Some hackers don’t hack to gain anything; they simply seek to disrupt services or cause destruction. They might overwhelm a server with traffic, causing it to crash, or infect the site with malware.
- Hacktivism. This reason for hacking is mainly confined to the sites of government, political, or religious organizations. “Hacktivists” aim to impose their ideas and seek to expose injustices, and they do so by taking matters into their own hands and targeting websites to promote a particular agenda.
Depending on your industry, a hacker may be motivated by one (or a combination) of these reasons, so it is imperative to always keep your site secure.
How they hack.
Regardless of their motive, hackers will look for any way to access your server, software, or devices. Some common ways that cyber attacks can be attempted or security can be breached include:
- Passwords. If you use a generic password, it can be easy for hackers to guess it. If you use a stronger password but store that password in an unsecure place or use it for multiple accounts or platforms, the hacker may be able to locate and use that password to gain the access they desire.
- Missing security updates. Server software, CMS, plugins, and other software will occasionally require a security update or patch. Failing to perform these updates immediately or in a timely manner can leave your software vulnerable to hackers.
- Unsecure themes/plugins. Themes and plugins are maintained by their developer to ensure that they remain secure and functional. If a developer no longer manages a theme or plugin, it’s left unsecure and exposed to hackers, who could add malicious code to the existing version.
- Phishing. There are many different forms of social engineering, where hackers and fraudsters manipulate individuals into freely providing personal information like passwords, bank account information, and more. They might target you by sending an email that appears legitimate but manipulates you into providing admin level access to your site, or they may target your users by mimicking your site and collecting data through a form.
- Holes in your security policy. Even if you’re making some efforts to secure and defend your site, holes and gaps can be left unnoticed. Users or administrators might create weak passwords, admin access might be granted too freely, or HTTPS might not be enabled. These are just some examples of simple things that a hacker can take advantage of to get their foot in the door.
An experienced hacker only needs a small window to gain access to your site and information, and they will look for any one of these holes to gain that access.
How to protect your site (and your users).
Getting hacked can be inconvenient to your business and detrimental to your company, your users, and your clients. It can also be costly: you will have to pay a professional to secure the site (and potentially fix any design or development damages), and you may also have to pay restitution to anyone whose personal information may have been compromised, or pay legal fees and fines for failure to secure this data.
While you should consult with a professional web development agency to ensure that your site is fully secure, there are several efforts you can make to ensure that your site remains secure and that you do not unknowingly leave room for a hacker to gain access to your site:
- Create strong, unique passwords that aren’t common or easy to guess.
- Store your passwords in a secure location. We suggest LastPass.
- Require your users and administrators to create strong, unique passwords.
- Be selective with who you grant admin level access to, and revoke access when no longer needed.
- When possible, schedule all security updates to run automatically, or set a reminder for yourself to manually check for updates on a regular basis.
- Uninstall/remove any unsecure themes or plugins (ones that are no longer maintained by a developer or have outdated security).
- Avoid social engineering scams. Be mindful of where/when you sign into secured profiles/accounts and do not provide this information to anyone who has not proven their identity to you and who absolutely needs this information (your team or hired agency).
- Ensure that HTTPS is enabled on all pages of your site.
- Take advantage of server side security options offered by your hosting provider (like Bluehost, for example), which typically include ongoing site monitoring, file/malware scanning, firewall protection, authentication and password protocols, immediate email notifications of suspicious activity, and routine site/file backups for protection against attacks, outages, and other events.
- Install and configure security plugins for CMS websites (Sucuri and Wordfence are two great options for WordPress sites).
- Utilize a plugin like UpdraftPlus or Jetpack to automatically back up your database/site files and store them remotely.
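One way to check the HTTPS item in the list above, as an added example that is not part of the original article: it goes slightly beyond "HTTPS is enabled" by also flagging pages that are served over HTTPS but still load scripts, images, frames or stylesheets, or submit forms, over plain http://. The page URLs, the example.com domain and the sample HTML are constructed placeholders; in practice you would feed it the saved HTML of your own pages.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch from, or submit to, a URL.
# <a href> is left out on purpose: it is navigation, not a loaded resource.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "form": "action"}


class InsecureRefFinder(HTMLParser):
    """Collects (tag, url) pairs on one page that resolve to plain http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative (//host/...) URLs.
        resolved = urljoin(self.page_url, value.strip())
        if urlparse(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def audit_pages(pages):
    """pages: {url: html}. Returns {url: [issues]} for pages not fully on HTTPS."""
    report = {}
    for url, html in pages.items():
        issues = []
        if urlparse(url).scheme != "https":
            issues.append("page itself is served over http")
        finder = InsecureRefFinder(url)
        finder.feed(html)
        issues += [f"<{tag}> uses {ref}" for tag, ref in finder.findings]
        if issues:
            report[url] = issues
    return report


# Constructed sample pages for illustration only.
SAMPLE_PAGES = {
    "https://example.com/": '<link href="/style.css" rel="stylesheet">'
                            '<img src="//cdn.example.com/logo.png">',
    "https://example.com/contact": '<form action="http://example.com/submit"></form>'
                                   '<script src="http://cdn.example.com/app.js"></script>',
    "http://example.com/blog": '<img src="/images/post.png">',
}

if __name__ == "__main__":
    for url, issues in audit_pages(SAMPLE_PAGES).items():
        print(url, *issues, sep="\n  - ")
```

A form that posts to an http:// address is the finding to fix first, since anything a visitor types into it leaves the browser unencrypted.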
We prioritize website security.
We understand the risk and the cost of a security breach or cyber attack, and we value the security and safety of all of our clients. We take every effort to keep our clients’ sites secure during the design and development stages, and we continue these efforts with the client once the site is launched. If you’re unsure about the current state of your site’s security or are interested in building a new, secure site, contact us today. One of our experts would be happy to discuss security and website development with you, and help you provide the safest and most secure experience for your users.