Imagine logging on to your computer to check the status of your website’s Google ranking, only to find a notification under your URL that says: “This Site May Be Hacked.” Worse yet, you find out that your site has actually been shut down.
Over the years, massive brute force attack campaigns have occurred, many of which have targeted WordPress. Experts are saying some of the most aggressive brute force attack campaigns have peaked at over 14 million attacks per hour. If a hacker can find a way into just one of the hundreds of millions of active WordPress websites on the internet, they can also scan for other websites that happen to be running old or insecure versions of WordPress, and hack those as well.
This happened recently to one of our former BIG RIG MEDIA clients. The client didn’t want to pay for their company’s WordPress site to be updated, scanned and backed up as part of our monthly Worry-Free Website Hosting and Maintenance Packages. Instead, they elected to go with an inexpensive, highly publicized hosting company that you might see on television, expecting the same website safeguards. At this point, we removed our name from the client’s site for liability reasons, knowing the trouble they were likely to face.
Sure enough, within a short period of time, their website had been hacked, causing complete disarray and delays in the loading of their website, which actually resulted in a chain reaction of infecting their customers’ and visitors’ websites with deeply hidden malware and viruses. So, what seemed like an initial cost savings may have actually resulted in doing their clients harm, via credit cards and identities stolen online at the hands of these hackers.
Left unattended
The client’s now-infected website (once identified) will likely result in blacklisting from Google, as well as their site being shut down by their internet service provider. Not only does this impact the reputation of their business, but these intrusions will no doubt require costly emergency damage control. Or even more likely, they may find that their site becomes irreparable. If you’re considering the same path of inexpensive website hosting and maintenance, be aware that in today’s world, your website needs to be consistently monitored and updated.
The hacking world never sleeps. It has become even more aggressive, and has some of the most sophisticated technicians in the world. A hacker can embed malware or a virus so deep within your website’s code that it can go virtually undetected by standard website monitoring services.
What Is the Cost of Your Website Being Hacked?
On the low end, if a hacker simply edits a few files or injects some code, you might be able to repair the damage without a complete overhaul. It may run you anywhere from a few hundred dollars to a few thousand dollars. However, that is not the case for most site breaches. If you’ve been hacked, you may find yourself having to completely overhaul your site, resulting in time-consuming repairs, security cleanup and search engine blacklist cleanup, not to mention loss of income and company reputation cleanup.
The average cost of a cyber-attack on small to medium-sized businesses is more than $180,000. It’s critical to stay ahead of the game at all times. This is our laser focus at BIG RIG MEDIA – to be your 24/7 security ninjas, keeping your website, your #1 business platform, and your online business assets, safeguarded against a variety of online security breaches.
WordPress powers 28% of all websites, because it is the largest web development community in the world, offering some of the most robust content management systems with the most scalable web solutions, blog platform, plug-ins, SEO and Google marketing out there. However, this doesn’t mean that WordPress is infallible. The WordPress framework and plugins used for your website must constantly be updated, period!
It’s important to note that WordPress runs on “open source” code. There’s a team solely dedicated to identifying and resolving WordPress core code security issues. As security vulnerabilities are disclosed, fixes are immediately generated to prevent any future security issues. That’s why continuously updating WordPress to the latest version is critical to your website’s security needs. Big Rig Media constantly follows the latest WordPress security logs, and updates your site continuously with the latest plug-ins.
A hacker’s goal is to gain unauthorized access to your WordPress site on an administrative level, either from your WordPress dashboard on the front end, or by inserting scripts, using outdated code. The most common WordPress security hacks occur just before or after your site has been compromised. Big Rig Media has put into place a blocking system that prevents outdated code.
Here Are Some of the Most Common Website Attacks
Brute Force Attacks
A brute force attack is a trial-and-error method of hacking your username and password via your WordPress login screen. Even if a brute force attack is unsuccessful, it can overload your system and create mayhem on your server. As a result, your account may be suspended, especially if you’re on a shared hosting plan.
File Inclusion Exploits
After brute-force attacks, vulnerabilities in your WordPress website’s PHP code, along with file inclusion exploits, can come into play. Vulnerable code is used to load remote files that allow attackers to gain access to your website.
Cross-Site Scripting (XSS)
Cross-Site Scripting or XSS attacks account for nearly 85% of all security vulnerabilities on the internet via WordPress plugins. An attacker will find a way, such as using an advertising popup, to get a victim to load web pages with insecure JavaScript. These scripts load without the knowledge of the visitor and are then used to steal data from their browsers.
Malware
Malware, otherwise known as “malicious software,” is code that’s been created to gain unauthorized access to a website to gather sensitive data. While there are numerous types of internet malware infections, WordPress is safeguarded against most of them. However, there are four common WordPress malware infections, each of which can be easily detected and cleaned up by our BIG RIG MEDIA experts, who continuously monitor these types of complexities.
SQL Injections
SQL injections occur when an attacker gains access to your WordPress database, as well as to your website data. At that point, an attacker may be able to create a new administrative-level user account which can then be used to log in and get full access to your WordPress website. SQL injections can also be used to insert new data into your database, including links to malicious or spam websites.
What Makes Your Site Most Vulnerable to Attacks?
Weak Passwords
Your WordPress admin password should solely be used for your WordPress website. It needs to be strong by including multiple types of characters, symbols or numbers.
Outdated WordPress Themes or Plugins
Outdated WordPress plug-ins or themes can leave you vulnerable to attacks, so it’s vital to run the latest version of all software installed on your WordPress website.
Untrustworthy Plugins and Themes
Poorly written, insecure, or outdated code is one of the most common ways attackers can invade your WordPress website. Our BIG RIG MEDIA experts continuously ensure that your site is loaded with the most reputable, up-to-date WordPress plug-ins appropriate to your business platform, to ensure your site is safeguarded against malware.
Inferior or Shared Hosting that Has Already Been Hacked
Using poor-quality or shared hosting can make your site more vulnerable to being compromised, as many do not regularly implement the latest server-level security measures to protect their clients’ websites. If one site in a shared hosting plan is hacked, others in that hosting community are also vulnerable to attackers, who then gain access to their websites and their data.
With BIG RIG MEDIA’s Worry-Free WordPress Web Hosting and Maintenance, these are just a few of the components that our experts monitor, resolve and update to ensure your website is secure. You can rest easy, knowing your site is maintained with 99.99% hosting uptime, resulting in near perfect reliability. We also provide 24/7 email support, as well as toll-free calling if you prefer to talk about your issue.
What’s more, as a courtesy to our clients, we regularly send out comprehensive monthly reports that outline the latest updates to your WordPress core, WordPress plugins, malware and virus scans, uptime monitoring, along with a traffic report. Our team is dedicated to your business growth, and we will stop at nothing to ensure your site is performing optimally to successfully reach your desired clientele.
As always, we’re happy to discuss any questions or concerns you may have, so feel free to give us a call at (866) 524-4744.