Has your website ever been hacked? If it has, you’ll be aware of how frightening it is. Your privacy has been invaded. Your business interests have likely been compromised. You don’t know what is happening in your name and you’re worried if you’ll even be able to take control away from the hackers again. Website security suddenly becomes a much bigger priority.
Thankfully, the large majority of common attacks are easily avoidable, but many sites don’t take these basic precautions to make sure that it can’t be hijacked.
Site hacked nightmare
This is exactly what happened to one of our clients a few weeks back. One Thursday morning our project manager overseeing their project got an email saying that the site had been hacked. Someone was making edits to their site. The hackers weren’t trying to be subtle about it. Big letters across the front page declared that the site had been hacked along with the hacker’s nickname and links to another site.
As if that wasn’t enough of a headache, it turned out that someone (either the same or some other hacker) had inserted an injection onto the site which was secretly sending spam emails from the client’s server.
Restoring order can be quick and easy
It was unpleasant, but in many ways it was a bullet dodged. The open nature of the hack made it easy to spot and resolve. More malicious attacks could have stayed unnoticed, misrepresenting the company and sending out spam for a much longer period.
As soon as we got the message, it was a relatively quick and easy job to identify the malicious code, remove it and update the site’s core to protect it against similar attacks. Safe and back on track.
How the site was hacked
The hackers had got in (as they so often do) through a recently discovered weakness in a WordPress plugin. A few days prior to their hostile takeover of the site, a critical security update for the plugin was issued. Because the client had initially not wanted to foot the small ongoing cost of regular site maintenance and security checking, the latest updates had not been installed and the hackers were able to take advantage of the now widely known flaw that the upgrade fixed.
Of course, even the most experienced of security experts can’t guarantee a site’s protection 100%. Protecting against this sort of low level, opportunistic hacking though is something that doesn’t require expert help. It’s easily avoided.
2 simple steps for website security
That’s why we offer our clients maintenance and support services including regular checking and updating of their site’s core CMS, open source components, and plugins. For any business with an online presence this is a simple and necessary precaution.
And while it’s understandable that many smaller businesses might be put off by an ongoing cost, (of any size), it’s so simple to achieve that you can even do it yourself. Here’s our 2 step guide to basic level website security:
1. Ensure you’re alerted to any critical updates to the core CMS. When these happen they need to be installed as soon as possible.
2. Make regular checks (weekly would be best), for new updates to the specific modules, plugins and components used in your site. These updates are usually somewhat less urgent than those for the CMS, but the sooner they’re installed, the sooner the risk they represent is removed.
Get peace of mind
Of course, not everybody has the time to make these website security checks and updates themselves. And some feel that they just don’t have the necessary technical skills. They’re easily learned and we’re always happy to point our clients to the relevant resources if that’s what they’d prefer, but most choose the hassle-free option of simply having us make those checks and updates on their behalf. It involves a handful of hours per month and that small investment ensures a great deal of peace of mind due to the ongoing safety and smooth operation of their site.
If your site is not being checked and updated regularly, you are at much greater risk of being hacked. You need to either go now and update your site yourself as per the steps outlined above, or, get in touch with our team and have us keep you safe from these low level hack attacks. Reach out to us now to protect your website.