WordPress website experts based in the UK.

Hackers & hacking

“In order to beat something, first you need to understand it.” That’s how scientists tackle disease, so we thought it would be important to add some articles to the website that take a deeper dive into WordPress hacking and the philosophy behind it.

 

What is Hacking?


We often say to our clients, “it’s important to constantly maintain your website from a technical point of view to prevent it getting hacked”, and it’s sometimes taken for granted that people know what hacking actually is!

So let’s explore that in this post so you can see why it’s important to help reduce the risk of your website being hacked.

 

So, what is Hacking?

Hacking can come in a variety of shapes and forms, but overall I would say that hacking could be described as:

To obtain control of one or more features of a website or domain without the consent of the owner, for a purpose other than that intended by the owner.

Because the form of the hack can come in such a variety of ways, it’s difficult to be more specific than that in this instance.

I think the best thing we can do is to provide some small anecdotes of the types of outcome hackers are generally looking to achieve.

You can generally sort these ‘incidents’ into two categories: Malicious and Non-Malicious. It could be argued that all types of hacking are malicious in context, but we are using these categories to convey a difference in severity and outcome.

 

Malicious hacks

  • To force access to a website in order to obtain card details or sensitive personal information stored on the website – similar to the recent attacks against TalkTalk
  • To gain access to the server that the website is hosted on in order to provide a platform for hacking another site.
  • To implement ‘Ransomware’ on your website – take it down until you pay some money to the hackers for the ‘release’ of your website.
  • To access your server in order to get to your email system and start sending spammy emails from your
  • To take your website down (hide from public view) and put up some kind of advertising / credit for hacking your site – similar to what happened to bluereef.it

Non-Malicious hacks – less severe but still not ideal

  • To create posts / pages on your website linking to other sites which helps to build their traffic / backlinks. Often these are to pharmaceutical or porn websites.
  • To add adverts to your website for sites you know nothing about
  • DDoS attacks

Why would my site get hacked?

Often it’s not really about the target site itself as hackers can automate the process of hacking and send out ‘bots’, little scripts which will go off onto the Internet and hack websites.

Often these bots follow links from the website they are on and then attempt to hack each site they land on. So, it may be a case that an infected website has a link to your website and so a script has been run.

This is the most common situation, but if your website takes payments or stores customer details, then that could cause you to be a target for hacking because of the prospect of getting to those customer details.

 

What are the side-effects of being hacked?

This totally depends on the type of hack implemented, but they are never a positive thing.

If your website is hacked, you will often be affected for some time after the hack is resolved.

This can include emails constantly being marked as spam, warnings appearing whenever someone tries to access your website, and your hosting company contacting you to advise that your website has been taken down because it’s been hacked. In the case of a DDoS attack, you will also be unable to get to your website.

 

How can I tell if my site has been hacked?

Because of the diversity of the types of hack that are possible, and the range of platforms that are available, it’s difficult to give an exact answer here. But here are some of the key things to look out for:

  • Changes to pages which you didn’t make
  • New user accounts being added to your website without your approval or action
  • Website slowing down for some reason
  • Your emails suddenly getting marked as ‘junk’
  • Google will sometimes add a warning into its search results that reads – ‘possibly hacked’

These are some of the most common indicators of attacks but not all of them.

 

What can I do to combat being hacked?

One of the main things you can do is keep the access to the site secure.

The simplest and most effective measure to secure your website is: Make sure you use strong passwords for your access and NEVER use ‘admin’ as the username.

A strong password is defined as the following:

  • Use upper & lowercase characters
  • Use at least one special character, for example ! " £ $ % ^ & * , . / ; ' # [ ]
  • Use at least one number
  • The password should be at least 12 characters long

The most common attacks against websites are called ‘brute force’ attacks, and this is where an attacker will simply attempt a range of username and password combinations until they get through.

Often this process is automated by using algorithms, so they use general trends such as capital letters at the beginning, lowercase letters in the middle and numbers / symbols at the end, which helps them try the most likely combinations first.

Here’s a really interesting article on hacking algorithms which is simple enough for non-techies.

So, by using ‘admin’ as a username, you are making things much much easier for the hackers to brute force attack your website.

The same goes for the password – we recommend 12 characters at least, including a special character and a number. This then removes the password from a simple dictionary search, as no words in the dictionary have numbers in them.

It’s difficult to compose strong passwords, let alone remember them, which is why we use LastPass. For more information on this, have a look at our LastPass post.

You can and should do the following (at least) too:

  • Hide the login page – by making the login page a non-standard URL, you prevent hackers getting to the login form and starting a brute force attack
  • Login throttling – this basically means limiting the number of access attempts by a single user (as defined by IP) within a certain timescale. So only allowing 4 attempts in 5 minutes will dramatically slow down a hacker attempting a brute force attack.
  • Remove old code from your website. This could be in the form of templates/ themes, modules and even the base platform itself. Keep these updated.
  • Purchase an SSL certificate. This protects the connection between your browser and the Internet to stop hackers intercepting the information as it is transferred between the two.
  • Perform regular checks of the site to spot things early.

 

Not sure if your website has been hacked?

You can give us a call at any time and we are happy to offer some support and advice with a view to getting your website or domain back under your control.


What Hackers Do with Compromised WordPress Sites

Most site owners assume that if their website was targeted by hackers there would be no interesting data to steal such as credit card details, and believe hacking it would be a worthless exercise.

Unfortunately, they’d be wrong: aside from data, the visitors to a compromised site can be monetized in various malicious ways.

The web server can be used to run malicious software and host content, and the reputation of the domain name and IP address can be leveraged.

Wordfence recently ran a survey asking people who reported their site being compromised what the hackers did to their site.
The below results were published:


Results from Wordfence 

 

The results clearly show that there are quite a variety of things the attackers are doing with the compromised sites:

  • Defaced site/took offline 
    • The hackers may replace your site with their own content. Often these are political terrorist groups, and this gives them free advertising for their cause.
    • Or hackers may simply want to brag that they hacked your site seeking recognition, or simply remove it/destroy it and take it offline.
  • Send spam
    • Spam email is a huge issue, and sometimes the site owner may not be aware of it going on for some time.
    • It can result in the site owner getting blacklisted for spam and could damage the reputation of the business.
    • Ultimately, the hacker gets to use the resources you are paying for, for free, and is trying to get people to click through to malicious websites.
  • SEO Spam
    • Hackers are able to divert traffic from your website (by hiding links throughout) to their own to improve their search engine rankings.
  • Malicious redirect
    • Attackers redirect traffic to malicious websites either by using links or adverts, or by diverting all traffic directly.
  • Host phishing page
    • Phishing is attempting to fool the visitor into providing sensitive information, for example credit card numbers or password details.
    • Hackers are looking to use credit card details or even to steal a person’s identity.
  • Distribute malware
    • Attackers can install malware that in turn installs malware on your website visitors’ computers without their knowledge.
    • This could not only damage your reputation if your visitors are affected, but if Google detects what is happening they will flag your site via their safe browsing program, which will cause your SEO traffic to drop significantly.
    • The hackers benefit from this by getting access to steal information, or simply do it to wreak havoc!
  • Steal User data
    • In the above results, a surprisingly low number reported data being stolen.
    • Wordfence suggest this may be due to WordPress sites not storing sensitive data beyond user credentials and maybe email addresses, OR it could be that it’s very difficult for the site owner to detect if data theft has occurred and therefore the numbers may be understated.
    • Attackers would be looking to steal email addresses to use for spamming, credit card details for obvious reasons, and usernames/passwords in the hope that the user is reusing passwords, which would let them gain entry to other information.
  • Attack site
    • This seems fairly rare based on the above research, however in some cases an attacker will use your website as a platform to launch attacks on other websites.
    • This allows the hacker to use your server free of charge and get past their target’s defences by using your domain and IP address, and could ultimately ruin your reputation.
  • Ransomware
    • This is malicious software that blocks your website and demands you pay a ransom to have access restored.
    • If you don’t have backups that you have kept safe from the hacker, then you may decide that the ransom is worth paying, hence the attacker profits.
  • Host malicious content
    • The hacker quietly stores their files free of charge on your server with a domain and IP address that have a clean reputation!
  • Referrer spam
    • Referrer spam is bot traffic to your site set up to look like it’s coming from a fake referrer.
    • The spammer is trying to get the site owner to check out where the traffic is coming from, driving traffic to the site!
    • Their goal is to drive traffic to their websites for reasons that often turn out to be malicious.

So if you thought your site would not be of interest to hackers, then you may have changed your mind after reading the above.

If you want to discuss how to improve your website’s security, contact Showcase now.

 


WordPress security – How attackers gain access

A survey conducted by Wordfence asked the question:

If you know how your site was compromised please describe how the attackers gained access.

Over 60% of site owners did not know. For the site owners that did work out how access was gained this is what the breakdown looks like:

The survey results above clearly show that plugins are the biggest risk. However, plugins play a big part in making WordPress popular, and there are over 40,000 plugins available.

So here are some tips on how to secure your site to ensure your information remains safe:

Keep your WordPress site up to date: WordPress is updated regularly, and updates address any vulnerabilities discovered. This makes older versions easier to attack, so make sure you always click on new updates.

Keep plugins up to date and delete any you’re not using: As above, always click on any new updates, and delete any plugins that are no longer in use.

Use strong usernames and passwords (and change your password regularly): Many potential vulnerabilities can be avoided with good security habits. A strong username and password (never use ‘admin’) are an important aspect of this, as is regularly updating your password.

Add two-step authentication: Logging in with a password is single-step authentication. It relies only on something you know. Two-step authentication, by definition, is a system where you use two of the three possible factors to prove your identity, instead of just one. This adds an extra layer of security to your log in.

Store passwords securely: Do not store them in plaintext in a document online that may be compromised. You can use a product like LastPass which provides an encrypted ‘vault’ to store your passwords in. The benefits of LastPass are enormous; look out for a blog post specific to this coming soon.

Only download from reputable sites: If you are going to download plugins somewhere other than the official WordPress repository, make sure the website is reputable.

Limit the number of logins: Lock out users after a defined number of log in attempts. This means an attempt to repeatedly hit your server with multiple username and password combinations will not work.

Backup your site regularly: A sound back up strategy could include keeping a set of regularly timed snapshots of your entire WordPress installation in a trusted location.
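
To show what the login limit above (and the "4 attempts in 5 minutes" throttling rule from the first article) does in practice, here is an added example that is not part of the original posts or of any plugin's code. It replays constructed web-server log lines through a per-IP sliding-window throttle; the names `LoginThrottle` and `replay`, the sample log, and the use of the default `/wp-login.php` path with Combined Log Format are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAX_ATTEMPTS = 4          # figures quoted in the text: 4 attempts ...
WINDOW_SECONDS = 5 * 60   # ... in 5 minutes, per IP address

# Constructed access-log lines (Combined Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2310
203.0.113.9 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.9 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.9 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.9 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.9 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.9 - - [12/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
198.51.100.7 - - [12/Mar/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.9 - - [12/Mar/2024:10:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

class LoginThrottle:
    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts, self.window = max_attempts, window
        self.attempts = defaultdict(deque)   # ip -> times of allowed attempts

    def allow(self, ip, now):
        recent = self.attempts[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                 # attempt has aged out of the window
        if len(recent) >= self.max_attempts:
            return False                     # over the limit: refuse this attempt
        recent.append(now)
        return True

def replay(log_text, login_path="/wp-login.php"):
    """Run the throttle over a log and count the attempts it would refuse."""
    throttle, refused = LoginThrottle(), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, method, path = m.groups()
        if method != "POST" or path.split("?")[0] != login_path:
            continue                         # only login form submissions count
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if not throttle.allow(ip, now):
            refused[ip] += 1
    return dict(refused)
```

Refused attempts are not recorded here, so a client gets at most four tries in any five-minute window; recording them as well would keep a persistent client locked out for as long as it keeps trying.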

Note that Showcase limit login attempts, never use ‘admin’ as a username and adhere to all the suggestions we outline in this post. Contact us if you want to know more about how Showcase Web Development can help improve your website security.

 

 
