On Sept. 23rd Google Webmaster Central posted a blog concerning website safety. In it they state, “Thus far in 2015 we have seen a 180% increase in the number of sites getting hacked and a 300% increase in hacked site reconsideration requests.”
At Leap we have unfortunately confirmed this trend with two hacked websites in the past three months (compared to five years of zero hacked websites).
How do hackers access your website?
Hackers typically access your website by finding vulnerabilities through simple logins (like password: admin123) or within the code. Outdated plugins and wordpress versions are also a target for hackers. Plugins are a software component that adds a specific feature to an existing software application, typically used for galleries, contact forms, and sliders on your website.
When developers release new versions of their software, it’s posted publicly, essentially leaving a trail for hackers to find a loophole in the old software.
What happens when my website is hacked?
- Worst case scenario is that your website goes down and you are unable to access it in a browser and even the admin console.
- Just as bad is that your website gets flagged by Google as being hacked. When visitors google your company the search results will show in bold lettering that the website is considered hacked and advise consumers against clicking on it.
- Until your website is cleaned up, the website is considered hacked by Google. This means that you could potentially lose website rankings, and obviously much of your website traffic. Recovering website rankings can take months and be very costly.
How do you prevent this from happening?
- Stay informed on what’s happening on your website. All websites developed by Leap are setup with a Google webmaster account as soon as they launch. Within that account your webmaster has a direct line of (mostly one-way) communication with Google where they tell us if you have broken links, pages not working – or if your website has been hacked. It’s important to check this account regularly and fix errors that are being noted there.
- Keep WordPress and Plugins up to date. Old software leaves your website vulnerable to attacks. At Leap we take a manual approach to updates since new software releases can affect your website. Auto updates could break forms and galleries, or cause other formatting issues.
- Have website safety monitoring on your website. Website security companies will monitor your website daily for any suspicious files and promptly notify you and remove files that are suspicious.
- Install a firewall on your website. A firewall routes web traffic through a separate server determining whether it’s safe traffic or not before allowing it to go to your website. This does not cause a delay for the end user.
How Firewalls work (photo courtesy Sucuri)
Unfortunately website security is becoming a prominent issue and we urge you to consider investing in security for your website. If you are interested in our website safety packages featuring firewalls by Sucuri, please contact us at firstname.lastname@example.org.