Hacking: why SMEs need website security too

On Tuesday 28th October, President Trump's campaign website was hacked and seized.

See the full details on TechCrunch:

And it's easy to think that as a small business you're safe from hacks, because who would want to bother with your tiny website when there are all those big companies and high profile people with more money, right?

Unfortunately, no.

What are website hackers after?

The TV programmes always show hackers trying to (and mostly succeeding to) gain access to high-security servers of organisations like the FBI, the CIA, the White House etc. So it’s natural for a small business owner to assume that as they don’t have any top-secret information on their website, then a hacker wouldn’t interested in their website.

In reality, that’s not the case. Here’s why hackers love attacking small business websites:

• To use your server to send spam/scam emails
• To use your website to plant spyware on your customers’ computers and devices
• To divert your traffic to their dodgy websites
• In order to hold your website to ransom

How to prevent your website from being hacked

Don’t use plugins

If you’re managing your site yourself, then you may have no option but to use plugins, but you should know they are a big risk. One of the reasons our software for WordPress helps your site stay secure is by not using the standard plugin framework. Instead, we overlay WordPress with our proprietary software that delivers a better front end experience.

Plugins are a risk because it’s easy for hackers to find out which plugins you have and then exploit known vulnerabilities in their code. And it doesn’t matter if they’re a ‘trusted’ source. Recently Ninja Forms and Elemental were both found to have major vulnerabilities and the list of minor plugins that have been hacked over the years are countless.

Protect yourself against brute force attacks

Whether you’re amending the code, using IP Blacklisting software or just monitoring who’s attacking your login page, please don’t leave your website unattended and without protection. Imagine that there’s a little programme that can automatically test (as an example) 218 trillion password variations in 22 seconds.

Always keep your website content management software up to date

Most content management software companies do their utmost to help you keep your website safe. They do this by publishing updates which will include improvements and security patches. Keep your website software up to date on a regular basis and you’ll be helping to keep out unwanted intruders.

Set up automated backups of your server/hosting

As an extra precaution (plus it’s just good practice) make sure you have an automated back up happening every day or so. But again, you still need to keep an eye on your website as there’s no point in restoring a back up that’s a back up of the compromised software.

Need help? We specialise in rescuing websites – get in touch via our contact page or call 01767 222631