“My WordPress website doesn’t need updates or maintenance, after all, it’s not like I collect important information!”
Have you heard someone say this? Have you said it yourself? Many businesses let their Drupal or WordPress core, plugins, and PHP sit with no maintenance, convinced that it will be fine as long as they’re not collecting passwords, email, or payment information. Even worse, some website owners feel their sites don’t need an SSL certificate or firewall.
But did you know that even simple sites run the risk of being hacked and handing their visitors over to phishing sites, spam, and viruses?
With an ever-growing list of risks and possible ways hackers can use your site for their own benefit, even low-traffic sites that do not collect emails are at risk of being infiltrated or marked as unsafe. Yet how can these sites be used? And, more importantly, how can it be stopped? Here are a few common ways sites can be exploited by hackers, putting your business and customers at risk:
The Risks of an Unsecured Website
Spam Injection
Your clean site is accepted by Google as safe, making both internal and external links considered free of risk. By planting spam links in forms and links, your hacked site is helping spam businesses boost their SEO and site traffic– while possibly causing your website to be marked as unsafe. Hackers can also redirect your content to their own content, causing their SEO to boost even if no one visits their page.
Email Hijacking
Websites can also be used to send spam email as your website has a safe, non-blacklisted IP address and will more easily get past spam filters. In this way, harmless spam can turn into malicious viruses. Even worse? Your IP address could be blacklisted due to the spam, making it much more difficult to reach your customers in the future.
Malware and Ransomware
A step further than spam, hackers can modify websites so malware is installed onto the computer of anyone who visits the website, downloading viruses onto the devices of your loyal customers. Ransomware can also be downloaded in this way, causing files to be stolen and encrypted with the hackers demanding payment in exchange for returning the files.
Phising Pages
With a clean bill of health from search engines and trust from visitors, hackers love to use smaller websites for pages that will extract sensitive information from users. This includes injecting items such as fake login pages, donation pages, or purchase pages onto an otherwise safe website.
“Even simple sites run the risk of being hacked and handing their visitors over to phishing sites, spam, and viruses.”
What can you do to protect your website?
Sounds a bit daunting, doesn’t it? No website is too small for hackers to take notice and use it for their own devices. Yet there’s good news! With precautions in place, your risk can be greatly reduced.
SSL Certificate
Becoming a web standard, it is crucial to have an SSL certificate (what makes your website https:// instead of http://) to protect and encrypt data. In addition to keeping visitors safe, Google no longer ranks websites that do not have an SSL certificate, and will discourage visitors from visiting your unsecured site. Make certain that you ‘force’ the SSL, so even if a visitor types in “http://website.com” they’ll be taken to the secure “https://website.com”.
Keep your site up to date
When kept up to date, a WordPress website causes no extra security concerns. Make certain that plugins and themes are updated regularly, and that you have a WordPress specific host ensuring the WordPress core and PHP is updated.
Backup your site
What if your website is hacked? Keep regular backups of websites ready to replace the current site. Just don’t forget to change your passwords on the backup!
Install a security plugin
WordPress has a variety of plugins designed to keep website owners informed while blocking attacks and keeping website safe.
With these steps in place, you’re on the road to protecting your site, your users, and your business.
Want to keep your mind on the day-to-day instead of checking to see what plugins need updated or how the next PHP update will affect your website? ZIV has managed, firewalled WordPress hosting to keep sites safe, backed up, and secure. Want to focus on growing your business and leave the security and updates to us? Let us know!
More About ZIV
ZIV has offices in greater Kansas City and Denver, CO. Whether it’s creating a brand, implementing a digital solution to disrupt an industry, transforming a customer’s experience to gain loyalty, or executing a marketing strategy for needed growth – they’ve got you covered. Explore their capabilities and past work at letsziv.com.
