[vc_row][vc_column][vc_column_text]Behind the scenes of your website, and indeed the entire online world, a battle is constantly raging. It\u2019s not the kind of battle you see in the movies. There\u2019s no blood, guns, or violence. But there are soldiers, weapons of mass destruction, and grisly battle scenes.<\/p>\n
If you\u2019re wondering what we\u2019re on about, we\u2019re of course referring to the malicious targeting of websites and software by computer hackers. The soldiers are programmers, the weapons are code, and the grisly battle scenes \u2013 well, only the IT team can attest to those.<\/p>\n
At all times, invisible to the everyday world, thousands upon thousands of hackers are online, searching for weaknesses and vulnerabilities in computer systems that they can exploit. That includes individual websites (even those of small businesses), as well as large applications that are used by millions \u2013 applications like banking systems, website systems, security systems.<\/p>\n
The rewards for finding such a loophole can be as varied as lifting credit card information, directing payments to a rogue account, using the website to promote a political agenda, stealing email addresses, or sending out spam mail. Sometimes, the rewards gained seem trivial or infantile \u2013 for example, spending hours hacking into a website in order to display a screen announcing \u2018you\u2019ve been hacked!\u2019 along with circus music and a dancing cartoon (we\u2019ve seen it happen). It\u2019s not for us to question why hackers do the things they do. All we can do, in the immortal words of Mad Eye Moody, is practice \u2018CONSTANT VIGILANCE!\u2019<\/p>\n
You may be forgiven for thinking this is all a little over the top. After all, how often does your own website get hacked? Surely this is something only the big companies, who store credit card information, need to worry about? Well, although we admit the tone of this article is a little tongue-in-cheek, it may surprise you to learn that your own website is most likely the target of a hacking attempt many times \u2013 even hundreds or thousands of times \u2013 every day. Even small websites with modest traffic. Even websites hosted in little old NZ. In fact, in the last month we\u2019ve noticed plenty of malicious activity attempted on our own clients\u2019 websites \u2013 small, local businesses with a trickle of traffic.<\/p>\n
[\/vc_column_text][vc_separator type=”transparent” position=”center”][vc_row_inner][vc_column_inner width=”1\/2″][vc_column_text]Now, don\u2019t panic. We said hacking attempts<\/em> \u2013 that doesn\u2019t mean they are successful. Most hacking attempts consist of a hacker trying to guess the password and login details to the backend of your website. They do this by running software that makes thousands of attempts at once, each time trying a different login and password combo. To summarise conventional password wisdom:[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/2″ css=”.vc_custom_1430464166691{padding: 15px !important;background-color: #eaeaea !important;}”][unordered_list style=”circle” number_type=”circle_number” animate=”no”]<\/p>\n So passwords shouldn\u2019t be someone\u2019s date of birth. Or \u2018admin\u2019. Or \u2018password\u2019.<\/li>\n That rules out your first name, your website name, and once again, \u2018admin\u2019.<\/li>\n<\/ul>\n [\/unordered_list][\/vc_column_inner][\/vc_row_inner][vc_separator type=”transparent” position=”center”][vc_separator type=”transparent” position=”center”][vc_column_text]Lifehacker has a great article on passwords and hackers<\/a>. Amazingly, the article shows that adding a mix of capital and small letters, plus a symbol or two, into your password can make it exponentially harder for hackers to guess.<\/p>\n We mentioned that you\u2019re probably not aware of all these hacking attempts going on daily under your very nose. Well, if you\u2019ve got a good IT team, that\u2019s because: 1) your website has been set up with some solid security features, and 2) you\u2019ve got a good IT team who are certainly aware of suspicious activity and working constantly to limit it.<\/p>\n Now we\u2019re getting to the heart of this article:<\/p>\n [blockquote text=’how small businesses can protect themselves from security breaches and hacking attempts. ‘ text_color=” width=” line_height=’undefined’ background_color=” border_color=” show_quote_icon=’yes’ quote_icon_color=”]<\/p>\n Big companies will have entire teams dedicated to this job (and much needed too \u2013 back in 2012, the Pentagon reported 10 million hacking attempts<\/a>\u2026 per day).<\/p>\n Although choosing difficult passwords and login details is certainly a good start, that\u2019s not the only way that hackers can compromise your website. Any content management software, plug-ins or themes you use can also be targeted, and if successfully hacked, can introduce vulnerability to every website which uses that software.<\/p>\n Again, this is more common that the average small business owner might realise. In December 2014, the security team at Sucuri<\/a> discovered that Revolution Slider, a popular WordPress plugin, had a critical vulnerability that left it open to attack. January 2015, Magento<\/a> reported a security issue. And on April 27 2015, just this week, a security breach was uncovered in the WordPress comments feature<\/a>.<\/p>\n In most cases, the software owners quickly release a security \u2018patch\u2019 that will close up the loophole that has been exposed. However, the problem is that many small companies ignore the patch and do not implement it on their site \u2013 or, they don\u2019t hear about the security breach and the subsequent patches required, so their websites remain vulnerable. That\u2019s when hackers can swoop in, ironically using the information released and exploiting websites which haven\u2019t moved to block the breach. To go back to our battle imagery, it\u2019s like finding out you left the gate to the castle unlocked, holding the key in your hand, and then losing the race to lock it before the hordes arrive.<\/p>\n We monitor the activity on all our clients websites and have several strong security measures in place to block unwanted traffic and hacking attempts on individual websites. When security breaches are discovered in any of the software we use, we also implement the patches across all affected websites as a matter of priority. Here, then, is our checklist of what webmasters can do to ensure the safety and security of their website at all times:[\/vc_column_text][unordered_list style=”number” number_type=”circle_number” animate=”yes”]<\/p>\n [\/unordered_list][vc_column_text]By staying aware of crucial information shared online on security blogs, plus placing key defences on your website and creating strong passwords, you\u2019ll go a long way towards protecting your website from malicious hacking attempts. Awareness and vigilance is key. If you don\u2019t manage your website yourself, call your hosting company and web developers and find out what security measures they have in place for your site.<\/p>\n At the end of the day, we can only arm ourselves with the weapons available to us and continue to fight the good fight against online hackers. But DO make sure you equip yourself with the free weapons \u2013 that is, free security tools \u2013 that are available to protect your site! And don\u2019t forget that if someone tells you you\u2019ve left the gate unlocked \u2013 your first priority is to lock it back up![\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n","protected":false},"excerpt":{"rendered":" Behind the scenes of your website, and indeed the entire online world, a battle is constantly raging. It\u2019s not the kind of battle you see in the movies. There\u2019s no blood, guns, or violence. But there are soldiers, weapons of mass destruction, and grisly battle scenes.<\/p>\n","protected":false},"author":1,"featured_media":28556,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[243,237],"tags":[303,292,314,321,294,295,257,277],"yoast_head":"\n\n
don\u2019t have a password that is easy to guess!<\/h4>\n
don\u2019t have a login name that is easy to guess!<\/h4>\n
\n
\nWhether your site is operating on WordPress, Magento, Joomla, or even custom-made on a framework, make sure you are up to date with updates. With custom-made sites, be prepared to update your framework if necessary.<\/li>\n
\nWe like WordFence and ModSecurity. ClamAv is also a good, free server antivirus program.<\/li>\n
\nMake sure you\u2019re in the know when security breaches are discovered and announced. That way you\u2019ll be able to update your site with the patch as soon as it\u2019s available. Sucuri.net is a great security blog with helpful information on what to do if your site is compromised by a breach.<\/li>\n
\nYour server is another point at which hackers can try and gain access to or compromise your system. Talk to your hosting company about any security features they have in place and don\u2019t be afraid to complain if you feel security is not up to par.<\/li>\n
\nYour server logs contain valuable records of all the IP addresses that have tried to login to your servers, and where they are from. Thousands of failed login attempts from IPs outside of your own country are a clear sign of malicious hacking attempts. A slow server can also be a sign that your server has been hacked and is being used for ulterior purposes.<\/li>\n<\/ul>\n