
Mark
You wanted to talk about how virtually every business nowadays has an online presence, a website and things like that. And they can be the target for hackers. Why are hackers interested in small business websites – what’s going on?
Seamus
Yeah. One of the biggest questions I get from a small business with a small website is – “I don’t really need security for my website because there’s nothing worth, you know, sort of pinching if you like or taking from my website” – that’s really a bit of flawed thinking.
So, let’s look at the stats first. In 2019, there was an attack on a website every 39 seconds, and hackers steal 75 records every second of the day of the year. So they’re out there. Most attacks are done by an automated tool called a bot. So, for the hackers, it’s not personal. They don’t care who you are. They just sort of attack all these websites and they just get a list of them, they don’t even know who you are. They don’t care. So it’s a very scattergun approach so the size or importance of your website in a way is totally irrelevant to what the hackers are after.
So why do hackers attack websites in the first place? One of the things is that they can use your website, small or large to redirect traffic to spam, you know, or illegal or porn or viagra sites. So the size of it and the value of it as in data is irrelevant to them, they just use it as a tool to do other things. If you’ve got a slightly bigger business, there’s this thing called ransomware where a hacker will hack into your website, close the website down and say, until you pay me the ransom, usually in something like Bitcoin so that it’s anonymous. They’ll say “We’re going to keep your website, shut down so you’ve got no access to it”. And for the websites that get attacked like that, the average time is 10 days that they are offline, which is a long time for a website.
Another big reason is kids, hopefully kids anyway, just having fun, and being a bit bored so they’ll see if they can hack into a website so you can sort of think of it as the modern day version of graffiti.
Another reason is they can get into your website, and then steal any user data there.
That’s a possibility but it’s not the highest ranking sort of use of it.
Mark
But it is something that’s known about or heard about when you see these big businesses with websites have been hacked, and then contact names transaction details banking details, all been taken.
Seamus
Yes. If you’ve got a small business website – credit card details. You shouldn’t ever have them on your website that you’ll be with PayPal or Stripe or some other, you know, card processing place like that. But what people can do is, steal your clients’ usernames and, not usually, their passwords, but sometimes, but it’s still there’s a lot of data that they can get so it’s still you know it’s still something you’ve got to be aware of.
Mark
OK, so what are the ways to secure, what are the steps that any business big small in indifferent? I’m probably talking about the small to medium businesses that we see in town to actually protect a website.
Seamus
WordPress is the biggest sort of framework that people use to build websites. These days it runs about 35% of the websites on the known worldwide web. And one of the reasons WordPress is often attacked and it is attacked hugely by hackers is this: It’s a sort of a standard framework so they can automate attacks on WordPress websites very easily, and very efficiently. WordPress itself is actually quite secure. But how people use it is where the insecurities lie. Now, with a WordPress website, you have plugins which just add functionality to your website.
And most people have somewhere between 5 and 25 plugins. One of the biggest ways that hackers get into your website is with outdated plugins. So often a plugin will, sorry, a hacker will make some malware that will be able to get through a plugin or get into a plugin into your website via a plugin.
And then the plugin manufacturer makes a patch to cover that security hole that the hackers have discovered and this could keep on going on and on and on. So, one of the first rules to do is to update everything. You might have to back up your website before you do it, it’s a good idea to do that. And it is a pain but basically just, you know, keep everything up to date.
The next big one is use strong passwords. And with a WordPress website you log in with a username and a password, a lot of people use the username like admin or something like that.
Mark
adminadmin.
Seamus
Yes. And hackers know all those things – you think you’re being clever but you know there’s – if you’ve got a million people, there’s gonna be, you know, 1000 people that are as clever as you that use the same password and hackers know that and they’ve got access to that. So, make a username a random string of letters, and then make your password, a random string of letters as well. And some of the better security plugins that you can put on WordPress actually have a list of the compromised passwords that they know that hackers have, so they can say if you use a password that’s been in a hackers list they say don’t use that use another one. That’s a very good extra thing.
The other thing is use 2 Factor Authentication.
Mark
Is there like virus protection that can actually protect your website? Is there a company that can do that?
Seamus
Yeah, there’s quite a few this sort of, it’s probably getting too detailed in this talk today but there are different types and different ways of securing your website. One is to sort of secure it internally and the other is to put a sort of a fence around it, if you like, and there’s a very well known free plugin called WordFence and that uses that way. I tend to use something like WordFence, plus on the internal security plugin as well. So that’s sort of the ways of doing it, and there are lots of different security plugins available to use for WordPress.
Mark
Of course, you’ve got all this information up on your website for people to take a look at further?
Seamus
Yes, you can do that. And also if you’re using a plugin in WordPress, WordPress has plugins in its own sort of in its own system, and they give you all the details of like when the plugin was last updated. Is it compatible with the current WordPress version? How many people use it, and how many people like it and how many people don’t like it? So you can get a lot of really good information about a plugin and you should actually research a plugin before you add it to your website. Just because that is the biggest way the hackers get in.
Mark
Actually one very quick question before we go because we are running out of time here. If you’ve got a website you got a business and everything else, what’s the warning sign that alerts, a company or a business that they may have a problem. Is there any warning signs that they can take a look at is there I mean, all this other than slow down and it was just not operating to command, how does that work?
Seamus
Sometimes it’ll just stop; sometimes you won’t notice any difference, but if people go into your website, they’re redirected to another website like an illegal one or quite often Viagra or porn. And unless you go, like a lot of people don’t look at their own website very often, and they don’t realise for a few days that that’s happened, but you’ll usually get a notice from Google saying you know your website’s been compromised.
And there’s other things that they might just deface one page that you might not look at so it’s sort of a yes or no answer. Really, your webmaster should know if you’ve been hacked or attacked.
Mark
A lot of these small businesses – they’re actually as you said going into programmes and creating their own website because a lot of them say we don’t see the need to have the cost of having a webmaster look after it.
Seamus
Now, if you’ve got a Wix or Weebly or Squarespace site and they’re alternatives that are easier to use than WordPress. Then they look after your security pretty well but if you host your own WordPress site you’ve just got to do a bit of research on good security plugins and good security practices and do those practices. That’s something you should just do if you don’t do that. Just take the time and do it.
Mark
In other words, always be aware take precautions keep an eye on your site because there always are nasty people out there that want to do things to you.
Seamus
Correct, yeah. And remember, it’s not personal. The value of your site in your mind is irrelevant they just target all WordPress sites.
Mark
Okay, now this is up on your website if people want to find out more, maybe more about the security so what’s your website?
Seamus
It’s boldacious.com.au. But you can also get it from any sort of you know that you can do lots of research on security for WordPress websites.
Mark
Thanks very much for that. And for those who have websites, just be aware that they could be targeted, even if they’re not actually wanting to go directly to your company.
Have a good day mate.
Seamus
Okay, thank you.
Mark
Thank you very much Seamus Campbell.
Transcribed by https://otter.ai