The term hacker brings images of someone sitting in a dimly lit room with a dark hoodie and a computer that resembles something from the Matrix movies. Ironically, most hackers are not even human at all, but the Matrix itself. These byte-sized intruders are commonly simple AI bots created by some hipster kid in a Starbucks to wreak havoc. A comforting thought, right?
What’s even more surprising is the reason they’re targeting your website. Why? Simply because it’s possible. Security breaches don’t typically target specific information unless you’re a big corporation (like Equifax or Sony). The majority of breaches are to turn your website’s server into a shady home for things like spam email senders, temporary storage for illegal files, or to create a home for specialized bots to mine Bitcoins.
This is just a shortlist, there are a whole Pandora’s Box of reasons. But all hope isn’t lost! There are several things that can help your website from becoming the newest home to Bitcoin bots.
Location, location, location.
The internet is like a city, it has its gated communities and its ghettos, its great parts and its not so great parts. And when first setting up shop it can be hard to afford a storefront in the middle of ritzy downtown, so we inevitably settle for a less-ritsy spot that is more affordable.
But sometimes that frugalness can go too far. Bargain bin hosting providers may be nice on the wallet but absolute hell on your security. Most basic hosting plans use what’s called Shared Hosting. Essentially it’s an apartment building for websites. We all remember our first apartment, thin walls, shotty lock, and you always knew when the neighbors didn’t take their trash out. You can dress it up, make it look nice inside but in reality… it’s dark, damp and offers little in the sense of security.
Website hosting is a prime example of “you get what you pay for”. Can you get hosting for $20 a year? Yes. But is it really worth it?
Acceptable, basic hosting plans, at a reputable provider, fall around $60 – 120 a year ($5 – 10 per month). While we almost exclusively host with GoDaddy, we also highly recommend Siteground. Both offer flexible, exceptional (and secure!) hosting for a reasonable price. If you’re curious about how some hosts rank up, check out Hosting Facts and their detailed information about various website host providers.
The Broken Mug Inside the Mystery Box
Continuing with the housing metaphor, after you get your hosting situated and you’re all moved out of that dingy apartment, it’s time to look at your website itself. Your business’ website is essentially a bundle of code that comes together to form what you see. And while your website may be beautiful and wow clients, it may be hiding a dirty little secret.
The code running your site, the brick and mortar if you will, can become vulnerable overtime. If there isn’t any type of protection your website’s precious building blocks can start to acquire junk from outside sources. Remember the house guest bots? They are similar to the neighbors’ rats inviting themselves over.
When someone develops a website there are two methods of thought when starting out. You can start from scratch or use a website framework. Since most of the human race doesn’t enjoy writing lines and lines of code many choose a framework.
The most popular website framework, WordPress, currently powers over 25% of the entire internet. We are big fans of WordPress ourselves. However, like many other frameworks, it has one big flaw. WordPress, like many of it competitors, is an Open Source project, which means it is maintained by a dedicated community and offers an endless supply of innovation.
With so many people working on websites, framework or not, it opens the doors to possibilities for malicious code to be injected in places it shouldn’t be.
With great power comes… so many vulnerabilities!?
Yes, like I stated before we are big fans of frameworks like WordPress but when it comes to the subject of security I look to my friend Murphy. What can go wrong…. Well you know the rest.
Before we lay down our arms to allow the inevitable Bitcoin bots to swarm in, there is one simple action that can act as a giant spray-can-of-doom to your unwelcome guests. Keep your website and all its parts and pieces updated. Boom. Done. That’s it. *mic drop*
Okay, so that may be a bit hyperbolic but in all seriousness the greatest downfall to most websites, regardless if or what framework is used, is out-of-date code. Outdated code is like turning on your home security system then leaving the front door unlocked and the windows open.
How can it happen?
What’s even scarier is some of these infiltrations can be instigated by you or your developer. If unverified code, plugins or themes are found willy nilly in the nethersphere of the internet, then used on your site it could mean bad news. For frameworks like WordPress, plugins and themes have served as transport for malicious code. When someone installs a theme or plugin on their site the code is injected and hackers now have a convenient backdoor, that you installed. The same goes for code snippets, many places help developers by compiling larger commonly used functions into code snippets people can access. If these don’t come from a reputable source it all leads down the same road.
Long story short, make sensible decisions when starting out and developing your website. Between choosing a solid host, using reputable sources for plugins, themes, and code, your business’ website can be better protected from the start. There are also security plugins and monitoring software that help prevent hacker bots from throwing uninvited house parties.
Building a website that works hard for you business takes valuable time and money. That is why we take website security so seriously. We’re dedicated to learning all we can about potential threats. It may sound a bit nerdy, but to us the information we learn is a personal challenge to make your website better, stronger, and faster than your competition.
If you’re curious about how we can help your website stay protected check out our website maintenance plans. We have three levels that cater to your needs and most of all, keep your website secure.
Not sure how secure your website is?Contact Web Security Experts