In early 2019 I’m already noticing an uptick in hacking attempts among my clients’ websites. How can I tell? Even though no one has yet been hacked, I monitor their security programs and see the same wave of attempted logins, brute force attacks, etc. It’s a shame; don’t these guys have anything better to do?
These jerks know what I know: There are some changes taking place that are creating opportunities to break into websites and do their dirty work.
I wanted to share with you the top five factors that create fertile ground for exploiting a website. I’ll keep it “geek lite” to avoid giving anyone a tech migraine. Please feel free to be in touch any time if you have questions.
1) Cheap or bad website hosting
There are a lot of good, smart, inexpensive website hosting companies — companies that store and ‘broadcast’ your site on the web. And there are a few that are inexpensive-but-untrustworthy. I write about a couple of them here. Some hosts are cheap but just don’t take good care of their clients’ data, and some don’t properly separate user accounts—which opens up opportunities for hacking. In one case in particular, a client’s site was repeatedly hacked until we moved it to another host. Since then? Nothing.
2) Easy-to-guess website logins (especially if you’re on WordPress, but other sites as well)
This is the most commonly jimmied “door” to your site because many people still use simple, easy-to-remember passwords like “bluepony5” and “mary*jane” and even, yes, “password2019” (#facepalm). It might save you the trouble of remembering a more complicated password, but it may also cost you thousands in getting your web presence back. (not to mention the fact that once hackers guess it once, they’ll try to find other spaces you frequent on the web and use it there too. They know you want to use that easy password all over… 🙂 Keep it complicated, folks. Use uppercase, lowercase, symbols, and numbers, and never—ever—use dictionary words.
3) Outdated software
Many of the websites we are asked to look haven’t been updated in some time. Old or outdated bits and pieces of your site’s machinery are a prime area for jerks to crash your website party. Every piece of your site’s technology—the framework (like WordPress), plugins, themes, programming—should be kept up to date to fix bugs and patch security holes they are constantly finding.
4) Out of date programming
Behind your beautiful website, no matter what kind, is programming (or “scripting”) language spewing out thousands of lines of code that make things go. For WordPress sites, for example, that workhorse is called “PHP.” That programming needs regular updates as well. In a huge current example, the team behind PHP has just stopped supporting (protecting) the version that runs behind more than 60 percent of websites that use it, and everyone should update it. This is something that can be updated via your website hosting company, but needs to be done carefully to be sure your existing site won’t be broken by the new version…there are even little programs to check whether your website guts are compatible with the new versions. Ask them (or us) about it.
5) Running a site that’s not “https” (and the “s” is for SECURE)
Take a look at your own website, specifically look at the top of the screen where it displays your website’s address: http://(your website address).com
If you do not have the “s” in https, or if you’re seeing a “not secure” message, that’s trouble. That goopy part of your web address means all communications between your website browser software and the website you’re viewing are encrypted/safe from prying eyes. It’s remedied by installing something called a secure certificate on your website hosting account. This is another thing that needs to be wrangled with your website host…but if you have questions, let us know.
If you need help deciphering what any of this means to you, or if you’d like to just have this automated so it’s all just taken care of — leaving you time to create, write, and run your business — we do that for a lot of people, so just get in touch with us. We have subscription plans for as little as $25.00/month to keep an eye on things for you . . .so you can turn your eyes to the work you actually like doing.
Stay safe out there, everybody 🙂