I was speaking to a group of individuals a few weeks ago regarding their websites, and a question about WordPress security came up. Specifically, the question was regarding why anyone who didn’t run an e-commerce site should worry about website security at all. The individual suggested that because they had no sensitive information on their website such as credit card data, hackers would have no reason to try to gain access to their website.
Sure, the theft of credit card data is a concern for website owners and brick and mortar store owners but it is hardly the only reason why someone would hack a website.
Reasons Why Hackers Attack Websites
- Using your site to distribute viruses.
Hackers can only hack computers that they have some sort of access to. That means if they want to put a virus on your computer they need to have a way of accessing your computer. Since they likely can’t get you to come to “LetMeHackYou.com” to distribute a virus onto your computer, they need to get you while you’re on an otherwise reputable website where you wouldn’t suspect that you would get hacked. So, these hackers will put their viruses, malware, etc. onto someone else’s website. The website’s visitors will unknowingly download the hackers viruses through some disguised links or other method. This allows the hackers to remain anonymous (the virus is on your server not theirs), and target large numbers of unsuspecting people.
- Using your site for other attacks.
Often times hackers want to target a specific website to conduct a “Distributed Denial of Service” (DDoS) attack. This basically sends so much traffic to a website that the server gets overloaded and it crashes. Financial institutions and government websites often times are the target of these attacks. In order to remain anonymous, the hackers use other websites to create a network that allow them to attack these specific websites.
- Just for kicks or to make a statement.
Hacking groups have often times hacked into a website just to prove that they could. They may change the homepage with a message saying who hacked the site to show off to friends, or to earn credibility as a hacker. Other times websites will be hacked to make a statement. For example if a company uses chemicals that may not be environmentally friendly, an environmental activist group may hack their website to make a statement.
There are surely other reasons why someone would hack a website, but those are some of the more common reasons.
Are WordPress Websites Secure?
Despite some successful hacks on WordPress websites in the past when properly maintained, WordPress is a very secure platform to run a website on.
Now what does it mean to properly maintain a WordPress website?
WordPress is the base of an open source software that is backed by thousands of developers. Whenever there is a security bug discovered in WordPress, those developers makes sure it gets squashed pretty quickly. However, WordPress websites can easily get hacked when those security bugs aren’t fixed right away.
For example, if you have a plugin or theme, or even WordPress itself that you haven’t updated in a while you are leaving your website exposed to potential security holes. This is an easy way for hackers to gain access to your website to upload viruses to your visitors computers, or even launch an attack on another website.
Simply updating your website is not always enough. You need to be proactive by not only keeping the site’s software up to date, but also by staying a step ahead of the hackers with regular security scans of your site to ensure no viruses are actually on your site.
Hackers will look for the “low hanging fruit”, or the easy websites to hack. If they can detect that you are using out of date software, they can exploit known security holes in that outdated software in order to gain access to your site.
Can You Help Protect My Website?
Glad you asked! Of course!
As part of a regular website maintenance plan, we will help keep your website safe and secure. If a hacker should get into your site, we’ll make sure to clean up their mess for you. Our maintenance plans come with regular offsite backups, so your website data will always be recoverable.