As of December 2018, there are approximately 172 million active websites in the world. WordPress, the world’s number one CMS, has a 43.6 percent market share or about 75 million active sites. This also makes WordPress websites the most susceptible to hacking attacks. WordPress accounts for approximately 90% of the hacked websites. Magneto (4.56%) and Joomla (4.3%) are the other websites that are easy targets of hackers. HTML websites are rarely hacked. Even after cleaning and testing a hacked website, hackers can get back into the website through hidden doors they have left behind. With over 90,000 websites hacked everyday, it is important to know why hackers are eager to gain access to your website.
Why do hackers want to get into your website?
Hackers may have various reasons to gain access to your website. Some do it for fun and some for more malicious reasons. The most common reasons for websites getting hacked include -
1. Domain Name Takeover
Domain name takeover or hijacking happens when the hacker gains control of the target’s entire DNS information. After the hijack, hackers can make unauthorized changesand can interfere with communication channels including web and e-mail. After gaining access to a target’s e-mail the hacker will receive all incoming e-mail and will send out spam e-mails to the target’s customers. This can cause damage to a company’s reputation and a loss of customers.
2. Interference of service
Websites are sometimes attacked with the purpose of shutting it down or disruption of services offered by the website. Disrupted Denial of Service (DDoS) is an example of this kind of attack. Hackers ping a certain web server to overload and eventually shut down by seizing control over a group of computers.
With the increase in the number of online transactions, theft is a common reason for hacking. Hackers search for security vulnerabilities in websites having online transactions. The transaction money goes into the hacker’s kitty the moment a weak spot is found.
4. Stealing of valuable information
This is one of the most serious attacks faced by websites. Hackers gain access to websites to steal valuable information and commit identity thefts. Hackers use this to gain access to credit card information and other critical data like SIN details.
5. Gain attentionSome hackers do this only to gain attention and popularity. They may not do anything malicious and in the process only point out weaknesses in a website.
How we can help
If you suspect that your website is hacked, here is what we do
1. First we clean the infected files and test to ensure it is clean.
2. We install a shield over your WP website so if a hacker is looking for a particular vulnerable plugin, when they scan your website, they can’t see anything at all – and more specifically if that plugin was used – so they typically move on looking for weaker websites
3. We install a program that alerts us when someone is trying to get into your site, in case they have hidden a code in a file that provides a back door entry.
4. We move all your files into a hidden file so they don’t know where to go to attempt entry into your website once they are in the front door. Again creating more frustration for them and letting them know this website is being taken care of. Hoping they will move on rather than trying to figure it out. Because even if they get it, we will know soon, and close it down. Not worth the trouble for them.
5. We change all logins from easy to guess ones: admin , owner’s name, business name, etc. Because some smart hackers have learned out how to use brute force into a website if they have the user name.
6. We change all passwords (including our own), in case some hacker found one somewhere.
7. We manually block IP addresses of known hack attempts.
8. We manually block user names used by hackers.
9. We manually limit 60 page views per minute, per person to screen-out automated hack attempts.
10. We block access to XMLRPC.PHP file from hackers.
11. Lastly we install a program that alerts us immediately should your website go down again. This is in case of a very smart hacker is back in there, we will know and can go back in and repeat the above steps to further lock down your website.
Additionally, if your website is hosted through our provider Smart Ram Hosting, here are some additional steps that are taken
1. If hosted through us, at Smart Ram Hosting, daily back ups - which allows us to restore with ease should there be a hack. Please read: WordPress Website Hacks 2018 info
2. Every 6 months a back up is saved in our Dropbox. This is in case some smart hacker has left a hidden file to allow access later. We can easily restore from this older back up, rather than wasting time searching through daily saved backups to find that hidden file.
A hacking attack is one of the most stressful and one of the most common situations faced by website owners. With our solutions you can breathe easy as your website will be secure and hackers would move on to more vulnerable targets.
Wednesday, 03 APRIL 2019 BY SUNNY LAKHWARA