The Characteristics That Attract Hackers To Your Site
Every once in a while, I get an SOS call from a business owner saying that their website has been hacked. Typically the result is that their homepage has been redirected to an undesirable website. Sometimes, they are alerted by Google Search Console that their site has been breached.
Hackers are a devious bunch. They know how to exploit even the faintest of vulnerabilities on your site. Once they know they can crack into sensitive information or are able to redirect to promote their site, they will keep doing it again and again until you have fortified your defences.
In order to stop attracting hackers to your site or make it so your site is never preyed upon, you need to recognize the risks and act quickly to ensure valuable data stays out of prying hands.
What Do Hackers Want From Me and My Site?
Before the advent of internet payments, sensitive information like personal ID numbers and banking account details, was more difficult to access. Although saving passwords online and making electronic payments is extremely convenient, it also puts people at risk of having their identity and so much more stolen from them unknowingly.
Hackers do a lot with the information they receive. They might be after money, your identity or have other aims like disrupting service, vandalism, or injecting your computer with a virus. They may want to promote their own products (usually ones you don’t want your business associated with), by redirecting your site to theirs. However, hackers don’t always need to have a reason to attack your system. Sometimes they are simply doing it as a way to show off their technological prowess—and that might be the most serious attack of all.
It’s very sad that this is what these characters choose to do with their time rather then something more productive and positive, but it’s a reality that we must deal with and prepare for.
Attributes That Attract Hackers
Regardless of the motivations behind the attack, there are some simple steps to ward off hacking attempts.
1. Weak Passwords
There is a reason you have passwords: to make it more difficult for unwanted thieves to make off with your treasure. Whatever your treasure might be, you need a strong password to keep them out. Unfortunately, hackers are becoming more crafty and have developed ways to break through even more complex passwords, like the ones with a single capital letter and two numbers. These individuals and groups are utilizing both online and offline means to achieve their ends — everything from sophisticated software to trash can digging.
Studies have proven that long passwords with a combination of upper and lower numbers, special characters, and numbers that aren’t patterned have the highest level of security for websites.
Use these complex passwords for everything from email addresses to your WiFi. Avoid simplicity, even if it’s easier to remember.
Check that you aren’t repeating the same password for multiple platforms and sites. There are tools like LastPass, LogMeOnce, 1U and others to help you keep organized.
2. Out-of-date Software
Software such as WordPress, Joomla, third-party plugins and PHP needs to be continuously updated. Think of it as a shield that’s being incessantly assailed. The longer that shield goes without maintenance, the less of a defence it becomes. Eventually, it will take a blow and shatter. Hackers are known to band together, networking and sharing information about discovered vulnerabilities in software. Therefore, if you stay up-to-date, you protect your online presence from any known weaknesses in older versions of software.
3. File Uploads and Downloads
Hackers often employ undetectable codes and other utilities to peek at the data you are transmitting. If your website is not encrypted or uploads/downloads haven’t been secured, a hacker could inject a virus or usurp your cookies during data transfer. One of their strategies is to put codes into file uploads that worm into your data.
The best methods of securing your uploads is to use SSH and SFTP. Never accept automatic uploads or downloads.
When you receive an email with an attachment, never download the attachment unless you know who it is from and you are expecting it.
4. No SSL Certificate
Without HTTPS, your website might as well be a signal fire for hacking. HTTPS stands for Hypter Text Transfer Protocol Secure, a step above regular HTTP sites. This enables data encryption as information moves between servers. If you’re serving customers, you need HTTPS for both SEO and security.
HTTPS also prevents things like Side Jacking or Session Jacking, where the hacker steals your site cookies and uses them against you on a browser.
Any reputable hosting company will offer SSL Certificates, priced anywhere from Free (included in hosting cost) to $700+ per year, depending on the type you need.
5. Out-of-date Hosting Server Software
The server that your website is hosted on can be another variable in your site getting hacked. A reputable hosting company should have state-of-the-art security software running 24/7 on their servers. When choosing a hosting provider, be sure to check online reviews and pay attention to any negative feedback concerning frequent viruses and hacks. Do a poll among other business owners to see which hosting providers they use, and what their long term experience has been.
Keep Your Website Safe
A great website design and secure back-end are two ways to prevent your site from becoming a target. By implementing more secure practices, like obtaining an SSL certificate for HTTPS, keeping your website updated and making longer passwords — you can successfully thwart hacking attempts and keep your and your customers’ data safe.