One of the biggest nightmare of every website owner is to wake up to the news that their website’s been hacked.
It’s terrifying. Mind boggling. And overwhelming, to say the least.
So Has your website ever been hacked?
In 2017, victorwinners.com was hacked.
I don’t know why it happened. Or the reason behind it immediately. But i had this huge picture posted on my login page.
On a curious check, i was able to find out who was behind the incidence. Ransomeware!
I didn’t know their mission or the reason behind the attack so i decided to carry out some research. And this is what i came out with….
A true story of one big shot website that got hacked. With this, you should be able to have a feel of what happens when your website gets hacked.
In 2015, a group called “the impact group” stole the data of Ashley Madison, one of the world’s popular dating sites that helps married folks engage in extra marital affairs.
The data including phone numbers, email account, home address and banking details of the site users were stolen.
The hackers asked the website owners to bring down the site threatening to expose the identity of the users and publish the whole information on the internet if the company refused to bring down the site.
Considering the economic loss that would amount to, Ashley refused to oblige their request.
So the hackers went on with their threat, publishing the entire information on the internet. On the dark web precisely.
Imagine the distraught in people’s faces when they found their loved one’s email on the site. The blackmail and feelings of betrayal.
People were scammed to pay money so they won’t be exposed. Others were humiliated and publicly shamed.
According to a report by fortune magazine, so far, the Ashley Madison’s hackers have posted personal details from 32 million of it’s users on the net.
At this point I’m sure you’ll like to know what kind of information you have on your website and blogs. And how safe these information are on in there.
The number one reason hackers hack into other people’s account will always be the same. To steal your data or compromise your platform for their own interests.
If you’re a public figure for instance a person can hack into your account just because he wants to use it to spread information that’s against your personality, brand or what ever you represent.
For corporate organization and banks, people may hack into your websites just to steal your clients’ data for criminal purposes.
Talk about the guy that was caught some days ago after allegedly being paid more than half a million naira to hack into JAMB website
Somehow you may think oh i don’t have a popular blog or website. So why would people be interested in hacking into my account?
Or why should i even protect my website from hackers?
Most hacking activities are automated.
You have to understand, most of these hacking activities are automatic in nature. Only in few cases are they specifically targeted.
Just like Google bots crawls websites to find out latest contents and so on, most hackers have their bots crawl websites to find out vulnerabilities.
These vulnerabilities could come up through your web host, WordPress theme you’re using, plugins or even weak passwords.
And whenever the bot discovers any vulnerability, your site will be compromised.
Although there are a few cases where some major sites gets targeted. Like the Ashley Madison hacking case.
And these are mostly to settle some scores. Be it political, economic or even social scores but besides that it would serve you well to understand that any website can be hacked.
What do hackers gain from hacking people’s website?
- Settling scores. Like i mentioned earlier for the targeted hacking activities, these ones are most times used for settling personal or corporate scores.
- Sometimes it could be politically motivated by political opponents.
- At other times, it could be induced by your competition. Especially if you’re into any activity that’s generating income…
- Your competitor could target your site just to redirect your clients to his website.
- Using your resources. Hackers can plant a malicious code on your servers and this would give them access to sending spam messages to your website users or causing other havoc and you’ll never trace it to them.
- Hacktivists. These guys are just like activists. Only that they use hacking to send across their message. These were the guys that hacked my site.
- Their motive is to get your attention at a particular cause. And they could either lock you out of your site (like they did to me) or use other means.
- To get information. Hackers can get into hacking your site just to get some information. It could be your user’s data or any other information and they can use same for whatever purposes they want.
How to protect your website from hackers?
There are certain steps you can take that will really help you keep your website safe from hackers.
- Get a reliable web host. According to an infographic report by Wp Template, 41 percent of hacking activities is caused by vulnerabilities in the web hosts.
- So before getting a website, you’ll have to really consider the web hosting provider you’ll be using…
- I’d highly recommend you avoid shared hosting but where you don’t have much to spend on dedicated hosting, make adequate background checks on the web hosts.
- Find out how reliable they are. How often they provide regular scan and backups on their servers, Other people’s reviews on their hosting services and then settle for high quality web hosting.
- Change your password periodically. One of the effective measures that will help you keep your website from hackers is using strong passwords that will be difficult for people to guess.
- Be sure to mix it up your password with special characters and numbers.
- Then change the default username from admin to something suitable, say your name (especially for WordPress users).
- Also to stay safe, you’ll have to change your password at intervals. Whether you’ve noticed any suspicious activity on your website or not.
- Limit login attempts to your website with plugins like wordfence. Or login lock down.
- To give your website extra security from hackers, you will also want to hide your wp-config.login.
- There are plugins to do this if you’re not technically savvy. Although this is not entirely necessary unless you’re highly targeted.
- Get regular backups for your website. This will save you so much pain if you wake up one day and your website is gone. (talking from experience here).
- Don’t depend on the backup from your web hosts alone. (it failed me).
- To save your website from hackers, be sure you have a consistent external back up of your site, different from the one on your servers.
- Here at Victor Winners Digital! we make sure all our client’s websites are backed up externally.
- There are both paid and free platforms that can help you back up your website to the cloud or elsewhere.
- Don’t accept any web design that comes without an automatic backup. This will save you lots of pain in the future.
- Update your plugins, software and themes. A large chunk of hacking activities is enabled by vulnerabilities in plugins, themes and other website softwares.
- Be sure to monitor, update your plugins and themes from time to time. This is one of the best website security measures you’ll take.
- Keep your WordPress installation up to date at all times.
- Delete all unusable plugins or themes. And desist from using extensions that have not been updated by their owners in say a year.
- It can cause serious issues for your website / blogs. You can’t afford this when you’re supposed to protect your website from hackers and vulnerabilities.
- If you realize a plugin you’ve been using has been abandoned by it’s maker, find a replacement for it…
- There’s no use patronizing plugins that are highly targeted by hackers.
- Know when to allow users’ uploads on your website. Some attacks are caused by uploads like this especially when you’re yet to set up a robust security system for the website/blog.
- Log out your account whenever you use any public device to access the internet…
- Chances are, you never can tell who’s interested in compromising your website or blog, just for curiosity reasons.
- Be sure to logout of all your accounts, change passwords or wipe the phone memory entirely when ever you lose devices.
- Don’t ever underestimate the ability of hackers when it comes to your site.
- These guys can steal your data, readers’ data, manipulate your site or even redirect the website visitors to a different website entirely upon hacking into your account.
It doesn’t even matter how big or small your website is. A site as big as CNN has been hacked.
Same thing with a site that is less than 10 days on the internet. So what matters is that you have to consciously protect your website from hackers.
Last year Wordfence analysis showed that under six months, my website recorded over 605,000 mostly automated login attempts from hackers.
And you can imagine, we’re not even among the top 500,000 websites to start with.
So that proves it all. Hackers are on the loose. And some of them are doing it just for the fun of it.
You have to put in strict security measures to protect your website from getting hacked.
Again as a wrap up, understand hackers are always crawling the web looking for vulnerabilities to gain access to other people’s websites.
And anyone can fall a victim so you’ll want to do all it takes to keep your website away from these guys.
Take the above steps and stay safe.
Be sure to get a good web host, update your plugins and softwares consistently, get a backup for your website and most importantly, get a good website designer to set up your website securely.
The bottom line is that anybody can get hacked. We have to protect our websites from these criminals.
You have to stay proactive by taking measures that will help you secure your website from hackers.
Also if you ever get in a situation where you find your website hacked, don’t get panicky. You’ll take a rash decision if you do.
Breathe in deep and then find out the best way to restore your website.
Do you have any other strategies you’ve used to protect your website from hackers?
Let’s hear from you.