When I talk to bloggers and website owners about the importance of security, I'm often asked:
"Why would hackers be picking on my obscure little blog?"
Your blog or website is not specifically being targeted. The attacker is using a bot (software program) that is simply fed a list of domain names to check. The bot's goal is to look for specific vulnerabilities. When a vulnerability is found, the attacker does one of four things:
Defacement - You wake up one morning and discover that your website has been replaced by one advocating 'Free the Armenian Freedom Fighters' or something akin to the adjacent image.
Viagra - This one is so frequent and well known it has its own name: Pharma Hack. Your website is altered so that to a normal visitor it looks just fine. To Google however it looks like a page of links to an online Viagra store.
Remote Control - The attacker installs malicious code on your site that puts it under the attacker's control, adding your site to the attacker's botnet. Large-scale distributed denial of service (DDoS) attacks almost always employ such botnets.
Remote Control Installer - This one is even more insidious. The attacker installs malicious code on your site that causes your website visitors' computers to be infected and become part of the attacker's botnet.
What Should I Do?
Every website owner should be doing three things:
Implement Security
We recommend two solutions:
- Sucuri.net
- Wordfence
There are differences in functions, features, and price between Sucuri and Wordfence but these are the two products I use to secure my sites and those of my clients.
Keep WordPress and Plugins Up To Date
I can't stress this enough. For example, just yesterday I received notification that a Cross-Site Scripting Vulnerability has been discovered in one of the plugins I frequently use. I've now updated all those sites. The best thing you can do to keep your site protected is to keep WordPress and your plugins up to date.
Strong Passwords and Non-Obvious Usernames
Do you use 'admin' as the username to log in to your website? You might as well put a big bullseye on your home page. Use something obscure. Look at your profile page in WordPress and verify that your nickname and display name are different from your username. Use WordPress' New Password function to let WordPress pick a really strong password for you.
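To run the profile check described above across every account instead of one profile page at a time, this added example (not from the original post) audits an exported user list. The CSV column names, the sample rows, and the "obvious" logins other than 'admin' are assumptions made for illustration.

```python
import csv
import io

# Assumption: logins treated as "obvious". The post names only 'admin';
# the other entries are added here for illustration.
OBVIOUS_LOGINS = {"admin", "administrator", "root", "test"}

# Constructed sample export; the column names are assumptions.
SAMPLE_EXPORT = """user_login,display_name,nickname
admin,Site Owner,owner
jsmith_84,jsmith_84,Jane
k7-editor,Kay Editor,K7-Editor
w9q-author,"Lee, Writer",lee
"""


def _norm(value):
    """Compare names the way a guessing bot would: trimmed, case-insensitive."""
    return (value or "").strip().casefold()


def audit_users(csv_text):
    """Return {login: [findings]} for accounts with a guessable or exposed login."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = _norm(row.get("user_login"))
        if not login:
            continue  # skip blank or malformed rows
        problems = []
        if login in OBVIOUS_LOGINS:
            problems.append("obvious username")
        # The display name and nickname can be shown publicly, so a value
        # equal to the login gives away half of the credentials.
        if _norm(row.get("display_name")) == login:
            problems.append("display name equals username")
        if _norm(row.get("nickname")) == login:
            problems.append("nickname equals username")
        if problems:
            findings[row["user_login"].strip()] = problems
    return findings


if __name__ == "__main__":
    for user, problems in audit_users(SAMPLE_EXPORT).items():
        print(f"{user}: {', '.join(problems)}")
```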
A Plug For Our Services
We have a high-end service available to high-profile clients with high-visibility mission-critical websites. It is expensive but if you absolutely positively cannot afford to be hacked then you should contact us.