According to a top Ukrainian cybersecurity official, a cyberattack against Ukraine’s defense ministry and army last week, along with attacks on two of the country’s biggest banks, was the largest attack of its kind in the country’s history.
While we can see the apparent reason their sites could have sufferer attacks like this, we often don’t think our sites are at risk. I can tell you that thinking is about as far from the truth as you can get. Smaller sites have hacking attempts done to them multiple times a day. I see the server logs. I can put security software on any site and show you that you have people or bots attempting to hack your site daily.
I see attempted attacks coming in from Russia, India, Africa, Ukraine, United States, and just about every region across the globe on my client’s sites on a daily basis.
Who is Trying to Hack Your Site?
Many people think hackers have no interest in their websites since they are small or lack valuable information, such as credit card information. However, more often than not, that’s not why they’re trying to get access to your site.
Often, it is not the website itself that they are trying to access, but the webserver on which it resides. They can then use the server to mine digital currencies or to mask their identities for other online activities.
Sometimes, they want access to use your server to send out a gazillion spam emails, making it hard to trace them back to their original source. Unfortunately, spam makes many people money, and the person who pays the price is the website owner whose servers are blacklisted as spam sources.
Additionally, they will insert links to sell things into your pages using your server. Often, these links are not visible to the user and are injected to be visible to search engines to help move the destination websites up in rankings.
Keeping Your Website Safe From Hackers
Because I deal with this daily, I am likely more in tune with these things than the average website owner. I am constantly being mindful of, and looking for:
- New exploits that have been released that may not yet be common knowledge that only those in “the business” may be aware of.
- Sudden increases of attacks being launched on websites globally.
- Unusual security activity reports from my client’s sites who are on maintenance.
- Reports of compromised websites globally.
My clients who are on Monthly Wordpress Maintenance Plans or Monthly Website Care Plans have regular security scans, uptime monitoring, cloud site backups in case the worst happens, and software installed on their sites to help decrease the possibility of their sites being hacked. In addition, as new security threats are identified, we release protection and detection capability to our client’s sites in real-time.
However, for those who have opted not to be on a website maintenance plan, now is the time to get more vigilant in your website’s security. Here are some steps released by WordFence, a leader in website security software, that you should be taking:
- Educate your team about the risks of social engineering attacks and of being phished or spear phished.
- Ensure you have two-factor authentication enabled on every important user account that you and your team operate.
- Keep a close eye on your logs – security logs in particular – of all the systems under your team’s control.
- Use configuration management to manage what files should and should not be on your critical infrastructure. If you see new files appearing that you didn’t create, that’s a red flag.
- Ask your team to be on the lookout for anything that “seems weird.” Adopt an approach of “If you see something, say something,” and at the very least, you’ll have an interesting discussion – and at worst, it’s an attack underway.
- Make sure you are doing daily backups of your website and storing them off the actual server your site is hosted on.
Read more about how to keep your WordPress website safe from hackers.
Read Next: Your Online Cyber Security Survival Guide
- How SPF, DKIM, and DMARC Protect Your Emails and Boost Deliverability - October 15, 2024
- Your Google Ads Cheat Sheet: 11 Tips Every DIY Advertiser Needs to Know! - August 30, 2024
- Why Your Business Needs a Vector Format Logo - August 23, 2024