Oops! We could not locate your form.
Hackers understand security and if your site is unprotected, they will see this as an opportunity, the same way a thief will open your car door, if it’s left unlocked.
Hacks and website exploits are constantly on the rise. According to a Patchstack article from 2019, security breaches had grown by 67% over the preceeding 5 years.
Contrary to popular belief, it’s not only high-traffic websites that come under attack. Statistics actually show that it is the lower-traffic websites that are actually the most vulnerable, as they often lack protection and are not well maintained. This makes it easy for hackers to exploit vulnerabilities that haven’t been patched via regular updates.
This is why keeping your site and its plugins up-to-date is vital, alongside the use of security tools like firewalls, which can greatly reduce the chances of your website falling prey to these common breaches.
A client once told us that their website doesn’t warrant spending money on for support and security, as it doesn’t generate much traffic.
We thought this post would be helpful to showcase a typical month of bot visits and attacks that our security firewall and support team handle on a site that generates only 500 visits per month.
In a typical month this particular client received 27.9% of their traffic from desktop devices, 43.8% from mobile devices, and 28.3% from bot traffic.
Typically around 4% of all website traffic that hits our firewall is malicious, and various sources state that over 30,000 websites are hacked every day.
Hackers understand security and if your site is unprotected, they will see this as an opportunity. The same way a thief will open your car door if it’s left unlocked.
Compared to high traffic websites, low traffic websites usually have fewer if any security measures in place, and the website owners don’t necessarily worry as much about keeping plugins and security patches up to date.
However, most hack attempts are not actually made by people but by automated software or bots. These bots attempt to exploit every website they crawl using a programmed method. The automated tools can crawl a huge volume of websites, and find vulnerabilities and weaknesses with little effort.
If the method has been successful in the past, the bot will follow the same process to attack more websites to achieve the same outcome. Those without adequate security, regardless of traffic, are the ones exploited for countless reasons.
Now let’s look at 8 reasons why your website might be hacked.
Here are 8 reasons why a hacker might want to gain access to your website.
Probably the most obvious reason, as data is a business’s greatest asset. With the introduction of GDPR and other privacy laws, designed to clamp down on companies leaking data like an old tap, data has become even more valuable.
If you website contains signup or contact forms, the data submitted here can be stolen and sold for advertising or even bank fraud where more sensitive personal data is involved.
If you’re selling online, then payment information can also be compromised if collected via your website. These data breaches all must be reported to the ICO.
Once compromised, some hackers will use your website as a platform to promote their own or 3rd parties. Placing backlinks and spam links, aiming to direct traffic away from your site to their own.
The increase of traffic will help their own websites, quite possibly earning money from adverts served on the page or generating affiliate money from the additional traffic. Usually directing users to products such as pharmaceutical, gambling or those of a sexual nature.
If you rely on organic search results for new traffic, then you will appreciate the importance of your page rankings and how long and hard you may have fought to get into prime positions.
Once compromised hackers may change page names, and links to other websites for link building, using your reputation to improve their website’s own rank, which will be completely ruined if a hack becomes detected.
Google will display a message within the search results that informs potential visitors that “This site may be hacked”. Putting off visitors until you are able to resolve the issue.
Google do not always update this as quick as you can solve the hack, so even long after your have resolved the issue, the warning could remain displayed.
If your website becomes compromised, your site could be infected with viruses and malware to capture your visitors information and thus infect their computers or steal their data.
If your visitor’s computers are not adequately protected, hackers could use their systems as well as your server to send out spam emails. As the emails are being sent by yours or your visitors computers, they are nearly impossible to trace back to the culprit.
Whether a personal attack or not. Some hacks are an attempt to cause major disruption.
Whether that is by putting unnecessary load on the server to ensure the website becomes unavailable to users, or just to render your website unavailable so your business suffers. Especially impactful for eCommerce or paid membership websites.
Hackers are not just after your data, but also your website resources such as bandwidth. Bandwidth can be expensive, so being able to utilise multiple website’s bandwidth for torrents and other similar traffic can be a profitable exercise.
Recently with the rise of Crypto currency, people have been hacking websites to use their resources to ‘mine’ crypto currency.
In February 2018, the BBC reported on the accessibility plugin ‘Browsealoud’, that had been exploited by hackers. With its users’ computers having their processing power hijacked, as well as the thousands of websites that used the plugin.
If your admin account is compromised, then a hacker can revoke your access and then request a payment to allow you back into your website and database.
Symantec stated in 2017 that hackers were typically demanding around $522 to return access to website owners. But for bigger businesses, this figure can be much higher.
“Some people just want to see the world burn”. Yes we stole this from Batman, but it’s exactly right. Some people will do this just because they can.
Some people like bungee jumping or mountain climbing, whilst some people seek thrills through hacking websites. Some even hack unsecured baby monitors and spy on breastfeeding mums.
Those hacking for fun or simply to learn, will use your website as a guinea pig in their learning journey. Some of these hacks are to deface or vandalise a website, placing visual messages on the site or changing text and images.
In short, insecure websites are obviously at risk from all of the above, and many of these types of hack are preventable by implementing adequate security measures.
Firstly have any of your users or customers reported that your website has any incorrect links?
Sometimes this may not be the quickest way of identifying that you have a breach, and by this time your site may have been compromised for quite time depending on how much traffic your website receives
When viewing your brand within search engines, if Google has detected that your website is hacked, it will display a message “This site maybe hacked” notifying your potential visitors as mentioned above, this can be another identifier.
You may be contacted by your host if they’ve noticed some suspicious activity on your server.
If a hacker is sending spam emails from another business server yet featuring a link to your website, chances are they have compromised your site. They tend to place a link to their own website, somewhere on yours.
The link redirects users without being flagged in spam filters, by using their own, they stand a higher chance of falling into the spam nets.
You may notice certain pages or areas of content that does not appear correctly. Additional text or random links that shouldn’t be there. This could mean that your site has been compromised, a site check will provide an indefinite answer.
By opening up a Google search page and entering the following
Site:yourdomain.com (replacing your web address) This will bring up every page indexed in Google.
Depending on the number of pages your website has, you might be able to recognise any pages or content that seem suspicious.
Alternatively you can run a quicker and far easier test using a free tool provided by Sucuri. Check out the link below.
If you want to find out if your website has been hacked, Sucuri provides a free hack check via their Site Check tool. It scans for malware, injected spam and also checks to see if your website is blacklisted.
Use the Sucuri Site check tool now.
Give us a call on 020 3355 8747 and we can provide a site recovery and clean service. Either by restoring backups or removing any of the malicious data. We can also help by providing ongoing security measures to prevent the same thing happening again.
Our WordPress Support & Maintenance plans come with Sucuri firewall protection inclusive. However, you can opt to go direct with them or another WAF provider.
However, a firewall is only one part of the puzzle. We’d recommend many other prevention tactics, most of which are carried out as standard as part of our Support Plans.
You can learn more about our WordPress support plans here or call James on 020 3355 8747 to learn more.
