In these modern times, when everything is online, there is a dark and dangerous side to the web that you need to be careful of. Just as in everyday life, there are criminals and hackers online who go out of their way to upload malicious files and break a website’s code in order to compromise it and gain access to confidential information they shouldn’t have. Any business that has a website should be very wary of this, as the blame can sometimes fall on you if it is found that confidential customer information was accessed by hackers because your website security wasn’t as good as it should have been. So it is vital for any business with any type of website to keep it secure and up to date, to protect itself and its customers’ information.
Types of attacks and hacks
There are lots of different types of attacks, malicious files and methods someone might use to disable or gain access to a website. These are not all of the methods, just some of the main ones you are likely to see used against your website:
- A DDoS (distributed denial of service) attack sends a large amount of traffic to a website all at the same time, aimed at overloading the server and causing it to crash.
- SQL injection is when someone tries to run code through a form on your website, like a contact form. Instead of typing plain text into the fields, they type a piece of database code (SQL) that could delete parts of the website or allow them to gain access to confidential information on it.
- Non-targeted website hacking is when someone identifies a vulnerability in your website platform and exploits it. They may do this for many reasons, but the main ones are to gain access to confidential information, delete information from your website, or upload a malicious file to your website which could then hack the computers of users who visit it.
- Someone might simply try to log in to your admin dashboard, as the URLs for the admin login page are usually fairly standard and can be guessed easily. Once someone has found the login page, all they need to do is guess the username and password, and you would be surprised how many people still use passwords like 1234 or even password. In some cases hackers use bots to try logging in hundreds of times per second with randomly generated passwords.
- Phishing is normally done through email. The hacker sends someone an email pretending to be from your company, usually asking them to log in or enter some of their personal details. Once the hacker has these details, they could potentially log in to your site using the customer account information they have just taken, and from there dig deeper into your website, potentially uploading malicious files or gaining access to other confidential information.
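To make the SQL injection item above concrete, here is an added example (not code from this article or from any particular website platform) showing the same form lookup written the weak way and the safe way. The table, function names and form input are all made up for the illustration.

```python
import sqlite3

def make_db():
    # In-memory database standing in for a site's customer table (constructed data).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice@example.com", "order 1001"), ("bob@example.com", "order 1002")],
    )
    return db

def lookup_unsafe(db, email):
    # Weak: the form value is pasted into the SQL text, so the database
    # cannot tell the visitor's input apart from the site's own query.
    query = "SELECT email, note FROM customers WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, email):
    # Hardened: the ? placeholder sends the value separately from the SQL,
    # so it is only ever compared as a piece of text.
    query = "SELECT email, note FROM customers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()

# Constructed form input: a quote followed by a condition that is always true.
FORM_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup returned:", lookup_unsafe(db, FORM_INPUT))
    print("safe lookup returned:  ", lookup_safe(db, FORM_INPUT))
```

The weak version hands back every customer row for an email address that is not in the table at all, while the safe version returns nothing.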
How to prevent website attacks
Although it is not going to be possible to stop all types of attack on your website (even large companies like Google and Microsoft have been compromised in the past), there are some changes you can make that will make it harder for someone to hack your site.
- Most off-the-shelf website platforms like WordPress have security built in, and you can also add plug-ins to the site for additional security and firewall protection.
- Most hosting providers have server-side malware protection and a firewall, but it is worth checking this with your hosting provider to make sure it is as secure as possible.
- Change the default admin login URL from something simple like ‘/admin’, or in WordPress’s case ‘/wp-admin’, to something more secure that someone wouldn’t be able to guess.
- Secure contact forms, and any other way of uploading or sending data to your site, with a captcha, which asks users to verify they are a real person rather than a bot. This will stop some hacks because they are carried out by bots.
What to do if your website has already been hacked?
Depending on how severe the attack was, sometimes you can just secure the website again and it will be fine. But in some cases, when a hack has completely destroyed your website, the best option is to first take it down. That way, if any customers try to access your website, no more harm can be done. After that, it is a case of assessing the damage and following the relevant steps. For example, if customer information has been leaked or taken, this would need to be dealt with according to your company’s GDPR policy and guidelines. In terms of getting your website back to how it was, the best method is to restore it to an earlier version that did not have the malicious files on it. This is something that your website hosting provider should be able to do for you. After the website is restored, you should go through the site to find and fix exactly what allowed someone to hack it in the first place. Once you have fixed the vulnerability and increased your website’s security, you should be ready to re-publish the website. But we would strongly suggest that you monitor it closely for attacks afterwards.
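One simple form of that monitoring is watching the server's access log for the bot login attempts described earlier. The following is an added example, not part of the original article: the log lines are constructed, the function name is made up, and the limit of 5 attempts in 10 seconds is an assumption you would tune for your own site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in the common "combined" layout.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.44 - - [12/Mar/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2890
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Mar/2024:10:04:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Captures: client IP, timestamp, HTTP method, request path.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def flag_login_floods(log_text, login_path="/wp-login.php", limit=5, window_seconds=10):
    """Return the set of IPs that sent `limit` or more login POSTs within the window."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = set()
    window = timedelta(seconds=window_seconds)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        ip, stamp, method, path = m.groups()
        # Only submitted login forms count; viewing the page (GET) does not.
        if method != "POST" or path.split("?")[0] != login_path:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:
            times.popleft()       # drop attempts older than the window
        if len(times) >= limit:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    print("addresses to review or block:", sorted(flag_login_floods(SAMPLE_LOG)))
```

In the sample, only the address that submits the login form five times in two seconds is flagged; the visitor who tries twice several minutes apart is left alone.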