When was the last time you checked the security of your website?
Most attacks on websites aren't personal; they're automated, targeting vulnerabilities. Even small sites can be at risk. Here’s how to protect yours.
Harry Sanders
June 27, 2016

“Why would anyone hack my site?” you might ask. Well, let’s be clear, the majority (99%) of attacks are not targeted at a specific company.

The fact is that most, or the great majority, of attacks are automated¹.

This means that various bots (pieces of software) developed by hackers crawl the web and look for vulnerable websites.

Then, if they’re successful, the website gets added to the hacker’s collection and can be used for any purpose, or sold on to other hackers. These websites can then be used as link farms (spam), ISIS propaganda, extracting users’ personal (or credit card) information, and anything in between.

You really shouldn’t feel overly safe just because you run a relatively small website.

Hackers don’t discriminate.

A recent example that I think shows this off very well is the website of Australian politician, Rob Oakeshott. This goes to show that getting hacked can happen to anybody, at really inopportune times.

The website was fixed as of a couple days ago, but it stayed that way for two weeks, for anyone googling his name to see.

Hopefully at this point you are wondering what you can do to ensure this doesn’t happen to your website. There are so many different kinds of hacks, and platforms that they can take place on, so I am going to narrow this down to WordPress – one of the most popular frameworks out there, with 25% of all websites now using it, making it a prime target for hackers.

Here are my top 3 tips for WordPress websites that will significantly improve your website’s security.

  1. Make sure you are running the latest version of WordPress

    Running the latest version is probably the most obvious security measure that should be taken. However, with over 86%² of WordPress installations running outdated versions of WordPress, this point is still one that needs to be stressed. Remember that hackers are actively seeking old and outdated versions – so it is important to stay on top of your updates – just make sure to back up your data first.
    Each update of WordPress not only brings new features, but also brings bug fixes and security fixes, which help keep your website safe against the more common, easy-to-exploit vulnerabilities.

    You can update your website simply by clicking the ‘Update’ button on your website. Keep in mind that the newest version might not always be compatible; if you aren’t sure, contact a professional to check.

  2. Make sure you are running the latest version of any plugins or themes

    Running the latest version of WordPress is not enough, and often the weakest link in a WordPress website is the themes or plugins, as they can both contain vulnerabilities that compromise the security of your WordPress site.

    The Slider Revolution plugin is an exceptional example here. Slider Revolution is a popular WordPress plugin that is used by a large number (1.4 million)³ of WordPress websites. A vulnerable version used by people who had not updated the plugin allowed malicious users to steal database credentials, which would then allow total compromise of the WordPress site through its database.

    Therefore, it is essential to make sure that all the themes and plugins you are using are updated to the latest version. By keeping these up to date, you can ensure that the site is covered with the latest security updates.

    If you are on one of our support plans, you will notice that your theme may be upgraded to a newer version every so often. This is us updating the theme to correspond with WordPress’s new security measures, and to make sure all of our code is up to date with the latest conventions and standards. If you aren’t on a support plan, then you should check with whoever manages your site that your theme is remaining consistent with updates – or simply chat to us about it.

  3. Last but not least, make sure your username and password are secure.

    I would wager that a good 50% of people that come to me because their WordPress website was hacked were using a username like ‘admin’.

    The first thing that hackers will try when logging into a WordPress account is ‘admin’, because it is the most common username.

    Here are the stats of attempted logins in the month of May for the StudioHawk website:

    Your username is not editable once you have made a WordPress website, and unless you are tech savvy, changing it (which is recommended if your username is any of the above) may require you to hire a professional.

    It goes without saying that your password should also be secure, and if you are using any one of these common passwords⁴ I will be very disappointed. Make sure your password is secure, and is not a combination of common words (e.g. JohnSmith1).

What is our procedure?

Our procedure is to install a few WordPress plugins for Security, such as WordFence, and make sure that we are running backups to ensure that in the event of a hack, we can roll back and fix any exploits with minimal downtime. It is also advised to limit the number of login attempts, which discourages hackers from attempting to brute force their way in. However, this doesn’t deter them from using vulnerabilities!
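
An added example (not from the original article, and not how WordFence or any other plugin is implemented): a sketch of the login-attempt limiting described above, run over a constructed log of failed logins. The log format, the limit of 5 failures within 5 minutes and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of failed-login records: time, client IP, username tried.
# The format is an assumption; real security plugins log in their own formats.
SAMPLE_LOG = """\
2016-05-01T10:00:00 203.0.113.7 admin
2016-05-01T10:00:05 203.0.113.7 admin
2016-05-01T10:00:09 203.0.113.7 administrator
2016-05-01T10:00:14 203.0.113.7 admin
2016-05-01T10:00:20 203.0.113.7 test
2016-05-01T10:00:31 203.0.113.7 admin
2016-05-01T11:15:00 198.51.100.4 jane
2016-05-01T11:50:00 198.51.100.4 jane
2016-05-01T14:02:00 192.0.2.9 admin
"""

def parse(log):
    """Yield (timestamp, ip, username) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user = line.split()
            yield datetime.fromisoformat(ts), ip, user

def top_usernames(log, n=3):
    """Usernames that failed logins tried most often."""
    return Counter(user for _, _, user in parse(log)).most_common(n)

def lockouts(log, max_attempts=5, window=timedelta(minutes=5)):
    """Map each IP to the time its failures reached max_attempts in the window."""
    recent = defaultdict(deque)    # ip -> failure times still inside the window
    locked = {}
    for ts, ip, _ in sorted(parse(log)):
        if ip in locked:
            continue               # already blocked; later attempts are refused
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            locked[ip] = ts
    return locked

if __name__ == "__main__":
    print(top_usernames(SAMPLE_LOG))
    print(lockouts(SAMPLE_LOG))
```

In this sample the address that cycles through ‘admin’, ‘administrator’ and ‘test’ is blocked on its fifth failure, while the user who mistypes a password twice, 35 minutes apart, is not.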

If you have any doubts about your website’s security, have a chat to us and we will have a look at it for free – no obligations – just peace of mind.

Get in touch!

________________________________

¹ ‘Why do websites get hacked?’ by Tony Perez – https://blog.sucuri.net/2015/02/why-websites-get-hacked.html

² ‘WordPress Stats’ by WordPress – https://wordpress.org/about/stats/

³ ‘Slider Revolution Active Installs’  by BuiltWith – http://trends.builtwith.com/websitelist/Slider-Revolution

⁴ ‘The 25 Most Popular Passwords of 2014’ by Gizmodo – http://gizmodo.com/the-25-most-popular-passwords-of-2014-were-all-doomed-1680596951

Harry is the director and founder of StudioHawk. His main role is to innovate, adapt and lead in the world of SEO to ensure StudioHawk is always at the forefront of new adaptations in the industry. More info: harrysanders.com
