One of the biggest problems facing businesses today is Hackers. It doesn’t matter if you’re an online business or run a small brick and mortar shop. If you have a website then you could be a target for hackers. Which is why you should schedule regular website maintenance. I know what you’re thinking, website maintenance is about as glamorous as changing the oil in the car. Which reminds me of a car repair commercial that I saw back in the day. This particular mechanic talked about the regular service that needs to be done to your car. And at the end, he would say “You can pay me now, or you can pay me later” meanwhile, in the background, you could see a tow-truck pulling a car into a service bay. You probably get what he was implying… that you could pay your mechanic a few dollars now, or you would pay him a lot more money later.
As of 2017, there are over 876 million websites up and running across the web. Almost 60% are private and proprietary platforms. Of the remaining websites, almost 30% are built on WordPress. The other two most popular content management systems are Joomla and Drupal, but combined they don’t reach 5% of the market. This makes WordPress the big dog in the park with over 260 million websites built on it’s platform. Because of this, it is a prime target for hackers to break into.
Why would anyone hack my site?
There are three categories of hackers.
The first type of hackers, I call Destroyers. They are the ones that just like to go around breaking things. They get a thrill from the challenge of breaking into a site. They just want to get in, cause havoc and bring it down. I had my personal site broken into years ago, where the hackers changed all the images on the site (replacing them with random images) and put a huge graphic on the home page. The graphic was filled with middle eastern language, mixed with a few english words.
The second type of hackers are thieves. Their objective is to break into websites in order to steal information. For the government, there is a special task force in place to protect their websites in real-time (24/7). Just like the military, they have to be vigilant and always on guard to keep hackers from gaining access to sensitive information. But governments aren’t the only ones with information hackers are looking to steal. You might remember that Target was hacked in 2014. Those thieves were after credit card information and successfully gained access to 40 million accounts! There is no telling what some thieves want to steal, but it’s best not to let them in at all.
The third type are what I call Parasites. Their goal is to use your site to send out spam or malware to as many people as possible. When they are successful at hacking into a website, the owners don’t even know they’ve been hacked. You might own a small restaurant, and have a website that looks perfectly normal. Your visitors are looking at it for your menu, location and hours and not see any problem. Everything looks normal. You (as the owner) can even sign into the backend of your site to change the specials for the upcoming week, or update your hours for an upcoming holiday and you wouldn’t see anything wrong with your site. All the while there are malicious programs running in the background of your site. Some are using the site to send out malware in order to bring down other computers, some are using your site to spam other people. There are actually companies that use this ‘black hat’ method of spamming for their own clients. The only way these parasites are usually caught is by your hosting company. They are able to monitor the bandwidth of your site and if they see some unusual activity, they will run a scan on your site. If they find malicious files inside of your site, they simply shut it down. You might get an email regarding this from your hosting company, or you would see that your website has been replaced by a message from your hosting company. It will usually say something to the effect of: “This website is no longer available. If you are the owner of this site, please contact…” And that is the first clue that you have been hacked. At this point it could take hours or days before you’re able to hire someone to go into your site, clean out the offending files, have the hosting company rescan the site to verify the integrity of the files, and then reinstate the website, making it live again.
How does maintenance protect against hackers?
There are three links in the chain that help you protect your WordPress website.
WordPress developers. The team at WordPress.org are constantly updating their platform. Not only are they improving the functionality and user interface of their platform, they are monitoring the WordPress community. They find out how hackers are getting into websites and developing new ways to block them and remove the vulnerability all together. They work hard to stay ahead of the hackers in order to make their platform more secure. The updates can be as frequent as a few times a month.
WordPress community. There is also a strong and active community of programmers that develop plugins for the WordPress platform. Some of these plugins are security enhancement plugins that help keep the WordPress platform even safer. As hackers become more creative in their website asults, WordPress and the plugin developers are constantly making updates available as soon as they’re ready. There is no set schedule as to when these updates come out, so it is best to check on a regular basis.
You. Make sure your passwords are not simple passwords. Don’t think that your site is not ‘worth breaking into’. Every website is valuable, especially to you! Make sure your web developer is going into your website (WordPress, Joomla, Drupal, or any other content management based site) and have them update the core platform files (and plugins) on a regular basis. It’s recommended that your web developer go into your site at least once a month to check for these updates and get them installed properly.
You can make your website more secure and safe. It doesn’t take much time or money. It’s just like the maintenance on your car. Either pay your mechanic a little bit at a time, or pay him a lot at once.