How to guard your website against a cyber attack


Australia announced today that the country is experiencing ongoing cyber attacks. From what we know, everyone is potentially under threat, including, unfortunately, your business.

 

 

This article will explain, in plain English, how to set up your website so it has the best chance of withstanding a cyber attack. We’ll explain:

  • Why someone would want to attack your website rather than a well-known business,
  • The flow on effect if your website is ever hacked,
  • How to lock down security,
  • How to set up a sturdy backup system in case anything goes awry, and
  • How to set up monitoring.

Why would someone want to attack my website?

Believe it or not, I get at least one call per week from a sole trader who’s had their website hacked and has no idea how to get it back up and running. When this first started happening I asked myself – “why would someone bother hacking into such a tiny and seemingly insignificant website?”

Here are three common reasons:

  1. Easy Money,
  2. Your website’s email system, and
  3. Your website can pretend to be another website.

Easy Money

When a hacker gets into your website, they can change your website’s code so that visitors are automatically sent (redirected) to another website.

The hacker earns a tiny commission when someone lands on that other website.

After hacking tens of thousands of websites - this translates into hundreds, even thousands of dollars in commissions rolling in every week for the hacker.

 


Your website’s email system

Most websites have a way of sending emails. An example of this is when someone enters their details into your Contact Us page and the website sends you an email with their details.

Hackers love finding ways of sending SPAM emails so they don’t get caught. International police have been finding ways of switching off their SPAM email servers so hackers are inventing new ways to get their SPAM emails out. Small business websites are an easy target because most of the time people have no idea that their website is even doing it.

Your website can scam people

Hackers can change the code in hidden parts of your website to make it look like another website, such as a bank website.

They then send fake emails that direct people to your website. The recipients think it's a legitimate email from their bank.

They then enter their username and password, thinking they’re logging in to a legitimate bank website. Your website then sends that person's username and password to the hacker, allowing them to then hack into that person’s bank account.

Once again, using your website instead of their own means there’s very little likelihood that the hacker will ever get caught.

The flow on effect of having your website hacked

When your website is hacked there are a number of things that happen:

  1. Google sees that your website is dodgy and marks it as unsafe. This means that when people visit your website they are presented with a warning to not visit the site.

  2. Virus scanning software soon picks up that your website is added to the list of potentially unsafe sites. All computers around the world that use an Internet virus scanner will show a warning to not visit this site. Removing your website from this list is a long manual process.
  3. Your website server may get “blacklisted” – that is, added to a global list of untrusted servers. This is a bad thing: for example, if you want to send emails from your website server, other email servers will not accept those emails because they detect that they were sent from an untrusted server.
  4. Your hosting provider will shut down your account. This means you need to negotiate with them to get your account back up and running.
  5. You need to invest resources, time and money to get your website back up and running, tell your customers that your website is safe and have a specialist either restore your website or remove the hacked code.

This is by no means a definitive list of what happens when a website is hacked so be prepared for any surprise!

Lock down your website security

Sorry for all the doom and gloom above. Unfortunately this is what some business owners need to go through to learn the consequences of not having their website secure.

Fortunately there is hope though and you can take action now!

If you’ve got a WordPress website there’s a couple of add-ons that dramatically reduce the likelihood of your website getting hacked. I always recommend using:

These two add-ons, or plugins in WordPress speak, allow you to set up WordPress like it’s a fortress.

I have installed and run these two plugins on my own business website and tested it using multiple testing programs. All programs that I used gave the website a big tick in the box for zero security vulnerabilities.

Set up a sturdy backup system

A lot of hosting companies provide free website backups. That’s great, as long as you can access the backups and know how to restore them.

Less than twelve months ago my hosting provider completely wiped my file system – including my backups. After a lengthy conversation with their support staff they realised their error and restored all the files. This meant however that the websites on this file system were down for almost an hour. Luckily, the majority of these sites were websites that were being built – i.e. they weren’t visible to the public yet (as a side note, I’ve moved hosting providers since).

For my live customer facing sites, I choose to have the backups stored remotely. This means that they are stored in a secure location on the internet using cloud storage like Dropbox or Google Drive. If a website server ever blew up, I’ve still got access to all backups.

I highly recommend taking on this approach for all your websites – especially if your web person is going to be away over the Christmas break. You never know – you might need to give another web person access to your backups over that break if something goes awry.

To make your job easier, I recommend using a free WordPress plugin named UpdraftPlus. It makes the job of storing your backups remotely really simple.

Set up monitoring

Website monitoring is a saviour when it comes to being pro-active about your website. Most monitoring services will send you an email when your website is not responding. This is a great way for you to jump onto it before your customers start calling.

To set up website monitoring, I recommend creating a free account with Uptime Robot.
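
Uptime monitoring reports whether the site answers, not where it sends visitors. The Python check below is an added example, not part of the original article: it flags the visitor redirects described under "Easy Money" in a fetched response. The function name, the allowed-host list and the sample responses (example.com and example.net) are constructed for illustration, and the regular expressions are a heuristic, not a full HTML or JavaScript parser.

```python
import re
from urllib.parse import urljoin, urlparse

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
IS_REFRESH = re.compile(r"http-equiv\s*=\s*['\"]?refresh", re.I)
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\">\s]+)", re.I)
JS_REDIRECT = re.compile(
    r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
    r"|location\.(?:replace|assign)\(\s*['\"]([^'\"]+)['\"]", re.I)


def offsite_redirects(page_url, status, headers, body, allowed_hosts):
    """Return (kind, target) for every redirect that leaves allowed_hosts."""
    candidates = []
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if 300 <= status < 400 and location:
        candidates.append(("http-location", location))
    for tag in META_TAG.findall(body):
        url = REFRESH_URL.search(tag)
        if IS_REFRESH.search(tag) and url:
            candidates.append(("meta-refresh", url.group(1)))
    for m in JS_REDIRECT.finditer(body):
        candidates.append(("javascript", m.group(1) or m.group(2)))
    findings = []
    for kind, target in candidates:
        # Resolve relative targets against the page so "/thanks" stays on-site.
        host = (urlparse(urljoin(page_url, target)).hostname or "").lower()
        if host and host not in allowed_hosts:
            findings.append((kind, target))
    return findings


# Constructed sample responses as (status, headers, body); not from a real site.
PAGE = "https://www.example.com/"
ALLOWED = {"www.example.com", "example.com"}
CLEAN = (200, {}, '<meta charset="utf-8"><script>location.href = "/thanks";</script>')
HTTPS_UPGRADE = (301, {"Location": "https://www.example.com/"}, "")
HACKED_META = (200, {}, '<meta http-equiv="refresh" content="0; url=https://ads.example.net/lp?id=7">')
HACKED_JS = (200, {}, "<script>window.location.replace('//ads.example.net/lp');</script>")
HACKED_302 = (302, {"location": "https://ads.example.net/lp"}, "")

if __name__ == "__main__":
    for name in ("CLEAN", "HTTPS_UPGRADE", "HACKED_META", "HACKED_JS", "HACKED_302"):
        print(name, offsite_redirects(PAGE, *globals()[name], ALLOWED))
```

Run it against the home page and a few inner pages, since a hacked site may only redirect from some of them.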

 

Published on June 19, 2020