There are some sites that get hacked time and time again. Even though they are low traffic. Even though they serve a niche market. Let’s say you’re a dog trainer. You have a simple website that explains who you are and what you do, with testimonials from satisfied customers. Your site gets 10 visitors a day. Why would a hacker choose this site?
All About Opportunity
In all likelihood, there isn’t a teenager wearing a black hoodie specifically looking up your website and saying “haha, I will attack them!” Most attacks are crimes of opportunity. A robot found a vulnerability in your website while crawling the internet, and then you were targeted. Just running a popular open source content management application like WordPress already grabs attention, because such applications inherently have vulnerabilities unless they are updated and protected. Once the robot sees that a compromised plugin or an old version of the software with loopholes is running, it goes in to attack.
Why Would Anyone Hack My Site?
Even if you admit that your site is vulnerable, it still seems strange to target it if it isn’t popular. In all likelihood, no one cares about the content on your website; they merely want a host. Often the hacker is just looking for a place to store more links to affiliate marketing sites. This is what is happening when you see all sorts of injected spam linking to NFL t-shirts, study aids, Prozac, Viagra and Cymbalta. Sometimes you can see these links, and sometimes they are hidden in scripts.
When this happens, hackers can invisibly redirect your visitors to their affiliate sites. It helps them get backlinks and visitors, and it tanks your SEO because your site gets flagged as a security risk.
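As an added example (not part of the original article), here is one way a site owner could check a saved copy of a page for the two symptoms described above: off-site links carrying the spam keywords the article lists, and inline scripts that write such links or redirect visitors. The names `InjectionFinder` and `find_injected_links`, the host `dogtrainer.example` and the sample page are all hypothetical, and the keyword and redirect patterns are simple heuristics.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keywords come from the spam categories the article names.
SPAM_WORDS = re.compile(r"\b(viagra|prozac|cymbalta|nfl)\b", re.I)
URL = re.compile(r"https?://[^\s'\"<>\\]+", re.I)
# JavaScript that sends the visitor elsewhere: location = ..., location.replace(...).
REDIRECT = re.compile(r"location(\.href)?\s*=(?!=)|location\.(replace|assign)\s*\(", re.I)

class InjectionFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.in_script = False
        self.findings = []      # (reason, url) pairs in document order

    def _offsite(self, url):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:      # malformed URL such as an unclosed IPv6 bracket
            return False
        return host not in ("", self.site_host, "www." + self.site_host)

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        href = dict(attrs).get("href") or ""
        if tag == "a" and self._offsite(href) and SPAM_WORDS.search(href):
            self.findings.append(("spam-link", href))

    def handle_endtag(self, tag):
        self.in_script = False  # inside <script> the parser reports only </script>

    def handle_data(self, data):
        redirect = REDIRECT.search(data)
        for url in (URL.findall(data) if self.in_script else ()):
            if self._offsite(url) and (redirect or SPAM_WORDS.search(url)):
                self.findings.append(("redirect" if redirect else "script-link", url))

def find_injected_links(html, site_host):
    finder = InjectionFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page for a site at dogtrainer.example (not real data).
SAMPLE = """<a href="https://social.example/trainer">Follow us</a> <a href="/about">About</a>
<a href="http://shop.example/nfl-shirts">NFL t-shirts</a>
<script>document.write('<a href="http://meds.example/prozac">.<\\/a>');</script>
<script>window.location = "http://affiliate.example/landing";</script>"""
```

Calling `find_injected_links(SAMPLE, "dogtrainer.example")` reports the keyword link, the link written by the script and the redirect, while the ordinary off-site and internal links pass.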
Mining For Gold
Digital currencies like Bitcoin need to be “mined” and this takes a lot of resources. Hackers are looking for a digital couch to crash on, free of charge, to run their mining operation.
But sometimes hackers do care who you are. Here in Israel, websites are sometimes targeted for political reasons. Hackers will take down a website because they disagree with its mission or want to make a point.
Most personal and small business websites are hosted on a shared server. This means that the website is sharing server resources with a bunch of other websites. If one of these is compromised, the attack could spread. While most hosts go through a great deal of effort to make sure that this doesn’t happen, it is a risk that you take with cheaper shared hosting plans. As a result of the security risk, hosts will sometimes suspend websites that have been identified as housing malware.
Personal Computer Security
If a personal computer is hacked, the attacker can steal information like website logins and therefore get access to a website. This can happen through malware downloads, infected software, responding to phishing emails (you know, the ones posing as American Express who aren’t really), or robots that find compromised IP addresses.
That’s when a personal computer is hacked in order to hack into a website. It goes the other way around too, of course: if a user unwittingly downloads malware from a compromised website, the attack goes from the website to the computer.
If your website gets hacked, it creates a security vulnerability for you and everyone who visits your site. It may get blacklisted by Google and other search engines, tanking your SEO. It is annoying and costly to remove lots of spam and malicious code. But some precautions can prevent this from happening.
- Always keep your website software updated. If you are running WordPress, this means updating to the latest version.
- Get your themes and plugins from trusted sources. Themes and plugins in the wordpress.org repository have undergone extensive scrutiny. Many third-party providers are also reliable. Make sure you read reviews and see that a theme or plugin has been successfully installed and used by many users before trying your luck.
- Keep your plugins updated, and if one hasn’t been updated in a while, find out why and consider replacing it.
- Use secure passwords.
- Run a plugin like Wordfence or Sucuri to regularly monitor your site for suspicious activity. These plugins can also limit login attempts, to thwart robots running brute force attacks to guess your password.