Hackers are like the mosquitoes of the web. They can be itchy and annoying or carry deadly diseases. Luckily, like with mosquitoes, you can be vigilant and protect yourself from these pests!
First of all, who gets hacked? WordPress, Joomla, and Drupal combine to support over 75% of all CMS-powered websites currently online, and, guess what? They can all be hacked. *Cue thunder.* To give you a rough idea, 73.2% of the most popular WordPress installations have vulnerabilities which can be detected using free automated tools. That makes a hacker’s job pretty easy! While anyone can be hacked, some sites are higher risk than others. To evaluate your risk of being hacked, examine your site’s size, information storage, and traffic.
Regardless of the size of a website, everyone is at risk. However, the type of risk varies by size. Big businesses make a lot of sales and therefore have a lot of sellable data. At the same time, those large companies usually have advanced security. Comparatively, small businesses make fewer sales, storing less data, but can have weaker security. Small businesses can protect themselves from being a target by performing regular audits and updating their sites regularly.
Based on the type of information you collect, you can be more or less at risk for hacking. Sellable data such as credit card details, addresses, email addresses, and password reset hints are all cash cows for the black market. Identity theft is very profitable and uses three main data points: government ID information, date of birth and address. Keep your server secure to prevent hackers from accessing this information.
More popular websites are also at a higher risk of being hacked. Hackers strive to distribute their malware onto as many devices as possible. High-traffic websites make this quicker and easier.
So, why do hackers even exist? Unfortunately, there are several reasons to hack. The most innocent reason to hack? It’s fun! Finding vulnerabilities in a site’s security isn’t easy. Hackers oftentimes practice their craft just for the challenge. Hackers may also engage in ‘Hacktivism’, or hacking for a social/political cause. The goal of hacktivism is more disruptive than malicious; its tactics include website defacement, denial-of-service attacks (DoS), redirects, website parodies, information theft, virtual sabotage, and virtual sit-ins.
Tapping into CMS sites is an illegal yet free way to obtain extra bandwidth. This bandwidth bounty can then be sold on black markets for VoIP, torrents and other similar traffic. A hacker can also turn your website into a bot for attacking other sites! By using sites as bots, hacks are harder to trace back to the source. Bots can be used to enable another reason for hacking: cyberespionage! This type of spying is used in politics, between governments and countries, and among major industry competitors. While your site probably isn’t getting spied on, it can be used in the practice!
In an even more malicious manner, hackers can use your site to store illegal files and malicious software. No one wants to be caught with torrents, malware, stolen confidential data, or other illegal content. Hackers, then, can hack into websites and web servers to store such content on them. Performance is not affected by this added content, so website administrators may not even notice that their website was hacked!
If you have been following our blog, then you know the importance of SEO for a website’s organic traffic. Rankings on a search engine results page can make or break sales. Of course, if there is a buck to be made, hackers are working on it! Hackers can hack websites for ‘Black Hat’ SEO purposes. This includes benefiting a client’s site by anything from embedding links and keywords onto a hacked website, to sending spam emails from a hacked account. The worst part? Once the owners of the hacked site realize it’s been hacked, they receive the search engine penalties and have to spend the resources to clean their site. We know, it’s not fair.
Now that we know why hackers hack, we can look at our own sites! Even if a website is small, it’s still at risk. CMS security is not only essential to maintaining your business but also to monitoring the safety of the entire cyber community!
How to Stop Hackers
First of all, improve the security of the server. SSL enables encryption. This means that when sensitive information, such as a credit card number, is exchanged via your website or between internal servers, it is safe from third parties. Encryption also means that data isn’t modified in transit between servers and computers. Because the connection is encrypted from one end to the other, hackers can’t insert anything malicious into the messages or data along the way. In other words, SSL certificates keep data safe against hackers and protect sites from suffering the consequences of storing malicious code.
Next, improve Drupal security. Drupal is constantly being updated to fix vulnerabilities. Staying updated on the latest version of Drupal prevents websites from being targeted. You can stay in the know by regularly monitoring Drupal’s Security Advisories. In addition, with Drupal, “There’s a module for that.” There are many security-related modules that can help you manage security for your Drupal site. You can find out more about enhancing security with contributed modules: https://www.drupal.org/node/382752
Lastly, prevent unwanted users from being able to create accounts by securing your configuration. This can be achieved by using unique usernames for admin and user accounts, or requiring admin approval for account creation. Most importantly, make sure you log out when you have completed a session.
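An added example, not from the original article or the Drupal project: a shell check of the account-creation setting described above. It assumes Drupal 8 or later with configuration exported to YAML, where `user.settings.yml` carries the `register` and `verify_mail` keys; the sample files are constructed.

```sh
#!/bin/sh
# Added example (not Drupal's own tooling): audit the account-creation policy
# in an exported user.settings.yml. Assumes Drupal 8+ exported configuration.

# Print the value of a top-level scalar key ($2) from a simple YAML file ($1).
yaml_value() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "'\"" |
    sed 's/[[:space:]]*$//'
}

# Echo a verdict for the file in $1.
# Returns 0 = restricted registration, 1 = open registration, 2 = unreadable/unknown.
audit_registration() {
  [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
  ar_register=$(yaml_value "$1" register)
  ar_verify=$(yaml_value "$1" verify_mail)
  case "$ar_register" in
    admin_only)
      echo "OK: only administrators can create accounts" ;;
    visitors_admin_approval)
      echo "OK: new accounts wait for administrator approval" ;;
    visitors)
      if [ "$ar_verify" = "true" ]; then
        echo "WEAK: anyone can register (e-mail verification only)"
      else
        echo "WEAK: anyone can register, no e-mail verification"
      fi
      return 1 ;;
    *)
      echo "ERROR: unexpected register value '$ar_register'"
      return 2 ;;
  esac
}

# Constructed sample files: a weak setting beside the corrected one.
demo() {
  demo_dir=$(mktemp -d)
  printf 'register: visitors\nverify_mail: false\n' > "$demo_dir/weak.yml"
  printf 'register: visitors_admin_approval\nverify_mail: true\n' > "$demo_dir/fixed.yml"
  for demo_file in "$demo_dir/weak.yml" "$demo_dir/fixed.yml"; do
    audit_registration "$demo_file" || true
  done
  rm -rf "$demo_dir"
}
demo
```

On a live site the same value can be read with `drush config:get user.settings register` and changed with `drush config:set user.settings register visitors_admin_approval`.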
When it comes down to it, nobody wants a hacker playing around with their site. No matter the size of your site or the importance of information you store, CMS security is a necessity. Performing regular audits can catch suspicious behavior before anyone gets hurt.
The biggest mistake in CMS security? Waiting! Get started on your web protection today! Schedule a call.