A while ago this Google Blog Post pointed out that the number of hacked websites is up 32% and still rising. That rise is not expected to end anytime soon.
There is always a "chance", that your website will be among them because what they want is your software; the site-matter is irrelevant. Hackers get more aggressive every day and when outdated web software is used, their work becomes easier by the minute.
According to Google, only 84% of the webmasters that asked Google to reconsider their listing after cleaning their sites, were approved.
61% of the webmasters that had a hacked site never even knew their site was hacked.
Why? What? How?
If you have a Google Webmaster account, Google sends out a warning if something is amiss with any sites added to this account. Keep in mind, submitting a site for indexing is not enough to keep your site safe. It must be within a Google Webmaster account. Now also remember that you will find out from Google because your site is gone. Using tools to prevent is always better than waiting for word from them.
Google extensively talks about the redirection hacks as well as keyword hijacking. Obviously this is because Google pays out good money to people who put Google adverts on their sites. More traffic (legitimate or not) means more money. Multiply your traffic by hacking other people's site so they redirect to yours and Google will pay you more. Simple. Google doesn't like that and that is understandable.
So how do those pesky hackers get into your site? The list is fairly simple:
Hackers can use any server (including you Wi-Fi thermostat or lightbulb in your kids' rooms) to attack any website. Using a strong password is key. Keeping the hackers from trying in the first place is something we can do for you. Our recent newsletter to this effect meant that numerous websites were safe from this particular attack.
Missing Security updates
Your website is most often built using a framework called a CMS or Content Management System. These systems are very practical and allow you to concentrate on what you need to do with your website, not how to program it in languages you hardly know. The CMS systems need security updates, thousands of lines of code inevitably contain possibilities for hackers to get in. Closing those doors is the work of many developers and the patch is called a security update. Ignoring those updates puts your site at risk.
Insecure themes, templates and extensions
Here is where the line between safe and unsafe becomes blurry. While you may trust the website where you download a free theme or plugin, the site itself may have been compromised and malicious code may have been added to your product. When you install it on your site, all the hacker has to do is find your site. With thermostats and routers all over the world capable of doing the search, your site WILL come up. It's just a matter of time. Often hacks lay dormant for months before they are exploited. And when they are, it is often too late.
If you no longer use an extension for your site, or that beautiful theme that didn't deliver as promised, remove it from your site, anything a hacker can find to get in will be used. After all who is going to update a theme that is never used? The access to the files, however, will still be there. Might as well put up a sign to invite hackers in...
This is one where many people state that they are not vulnerable. You get an email saying that your package is ready for delivery; just click the link in the email to schedule for it. One click is all it takes to get you in trouble. If you have no packages waiting from anyone anywhere, you may not click the link. But if you do, the temptation is very often too great to resist and your site/computer/server etc is compromised.
Bad security policies
This part is more for the hosting company to enforce. Weak passwords like "password123" or "dumbledoreforever" are simply not safe. When such passwords exist, we at Coolcom can enforce the rule to update the password to something safer. You may not like the new "Fhdr$320-Ouch” password, but you'll have to live with it.
While you are uploading your files to our servers, in some cases, the file list of what you are uploading is there for anyone to see. If you create a folder on your hosting space to store files, make sure you add a file called "index.html" to it so that the file list cannot be returned to any visitor. The file can be created using the File Manager in your cPanel and it can be empty. All you need is the fact that it exists.
If you don't want a search engine to access you files to index them (related to the point above), you will want to update your "robots.txt" file to reflect that. Honest search engines will abide by the rules; the not so honest ones will ignore the file and crunch your files anyway.
But once we get to the point where files on your hosting space should never be seen by anyone in the world, you may need to reconsider storing them on your server.
No Google Webmaster account?
We can add one for you. The fee is $39.00 (one time) and we add & verify your first site for you.