September 21, 2015
It’s the dawn of a new age, in both the existence of the World Wide Web and the way we live our lives. The ‘Internet of Things’ (IoT) is about to provide us with unlimited connectivity, but this means that even our kitchen appliances will be able to share our personal information across the web, potentially with malicious intent.
In this article, I won’ be predicting how to protect yourself from having your credit card maxed out by your vacuum cleaner. What I will do, however, is offer some sage advice on how to keep your most valuable connected asset secure: Your website.
Why do websites get hacked?
Some 30,000 websites are hacked every single day, according to the latest research. It’s a staggering amount, and it’s only likely to increase. “But why would anyone hack my website?” you might ask yourself. Well, think about what they might have to gain.
Chances are your website isn’t a popular pro-adultery site with thousands of members and extremely sensitive (embarrassing and valuable) information at your disposal. In that case, hackers would probably look to use your website to facilitate malicious activity, which could manifest itself as:
- Advertising banners on your website;
- Spam links which show up in your Google search results;
- Spam product names present in your meta tags;
- Website copy;
- An invasion of your website’s server to blanket sent hundreds of thousands of e-mails.
In most cases, website owners have no idea that their sites have been hacked; it’s only later when they’re informed by search engines like Google or Bing that they realise what has happened (usually because they are blocking visits).
The dreaded Google malware screen
Plug your CMS holes
Site administrators require user interfaces that allow them to conveniently add new content to their website, and Content Management Systems (CMS) provide them. WordPress, Drupal, and Joomla are just a few popular and successful platforms in use, showing that users understand how powerful and open source they can be. The market share for just the three aforementioned sites is approximately 71 percent — making it one giant opportunity for hackers. If you don’t plug the security holes that you have in your CMS system, the hackers will find the leaks.
The good news is that all of those CMS are backed by a plethora of industry-leading developers who check for security issues, release free updates and protect against hackers.
It’s plugins created by third parties that bring the major hacking issues. Things like calendars, booking systems and contact forms might bring additional functionality and can be added to your CMS with a single click, but then many wind up being forgotten about. It’s estimated 44.7 percent of available plugins on WordPress alone haven’t been updated in over two years, and these leave your website vulnerable. If a hacker can use a plugin as a ‘back door’ to your site, they’ll exploit it – in fact, websites are a thousand times more likely to be hacked with a known exploit than an unknown one.
That’s not to say that there aren’t reputable plugins out there that have created by excellent development teams, but I’d always opt for native functionality (i.e. tools built in to the CMS) than implementing shortcuts via plugins.
Keep the hackers out
In its recent blog ‘How to avoid being the target of hackers,’ Google provides four key points to ensure website security:
- Strengthen your account security;
- Keep your site’s software updated;
- Research how your hosting provider handles security;
- Use Google tools to stay informed of potential hacked content on your site.
While this is undoubtedly sound advice, in my experience the majority of websites that end up hacked all started off with these principles. How, then, do they end up being hacked?
Nothing happens afterward, that’s why. A website launched with solid security foundations is only as good as its weakest moment, and as a website’s CMS and plugins require continuous updating (which we’ve established isn’t being done), then continuous website security maintenance is also needed.
Be safe – get protection
Websites have so many security needs that it can appear overwhelming, but it’s crucial that you understand the very real threat that website hacking brings. Hiring professionals at an agency is one way to reduce risk and give you peace of mind, allowing you to focus on important aspects of your business.
Remember, for every day that your website is not accessible due to it having been hacked, you’ll be losing money and potentially the trust of your users. We’re at the dawn of a new age – don’t let the hackers evolve too.
This post was written by Wez Maynard, head of design at Vertical Leap. Specializing in UX, digital and brand marketing, he has been working and supplying his knowledge to the industry for more than a decade.