“Who would want to attack my website?” A common misconception among small business owners is that their websites are not important enough to warrant an attack by hackers. It is true that unless you are a large bank, corporation, or government institution, a hacker is not likely going to consciously choose your website as a target. What a hacker will do is create infectious code that leverages your compromised website to attack a targeted website or accomplish some other goal that has nothing to do with your company’s size, your business’ type, or the monetary value of your data.
You May Not Know You’ve Been Hacked
Most people assume that once their website has been hacked it will disappear from the web, their bank account will be ransacked, or they will get a ransom email from the hacker. While this does happen, it’s generally not the case. No matter how small your website is, when added to a network of compromised sites, it can become an extremely valuable resource to a hacker. As mentioned above, your website can be used along with thousands of others to attack one particular high-profile website in what’s called a “distributed denial-of-service” or DDoS attack. It can also be exploited for something as seemingly mundane as mining bitcoin. Often, compromised sites are hacked to send visitors to another site where computer malware or an elaborate credit card phishing scheme awaits. In all these cases, the hacker wants to utilize your website as long as he or she can, which means not drawing attention to the hack for as long as possible.
But not knowing your website is hacked can have dire consequences in the long term. You could face huge bandwidth overages, site visitors could find their computers infected with malware, and your business reputation on the web could be adversely affected. To compound the hardship, an infected website can also result in the domain and the host getting blacklisted (sometimes permanently) by search engines and email providers.
Keep Your Website Up-to-Date
An obvious downside to common open-source web platforms like WordPress is that everyone, including hackers, have access to all the code. The upside is that there is a veritable army of developers on your side of the war, ready to spring into action at the first sign of trouble. The “good guys'” response comes in the form of updates to plugins, apps, themes, and even the platform itself. The best thing you can do to protect yourself from hackers is to install these security updates as soon as they come out. If you don’t know how to do this, hire someone who can and have them monitor your site for future vulnerabilities and security updates. Vigilance is the operative word here.
Use Complex Passwords
Rather than go into great detail here, we recommend you read our blog on how to create strong passwords and keep them safe. Even if you have been using complex passwords, it is a good idea to change them often.
Work with a Professional
Lastly, the most effective course of action here is to seek the service of a web security pro. In our last blog we made the bold declaration that web design is dead. This issue of web security is further proof of this. While you could still hire a web designer to create your site, you will need a web developer who is well-versed in web security to make sure both the site and the server (where your website “lives”) carry all the proper safeguards against hacking.
What to Do If Your Website Is Hacked
Act quickly! As mentioned above, the longer your website is hacked, the more damage it will do. A delay in response could quickly put your domain on blacklists, causing your site to disappear from search results and every email associated with your domain to be flagged for spam. If you have been hacked, contact us immediately! We will evaluate your situation and explain clearly the actions that needed to be taken. Our team of web developers, network administrators, and web security experts will find the most effective path forward to get your site and Internet reputation back on track.