Website security: How do websites get hacked?
Following on from our earlier blog on understanding threats to your website, we thought we’d take some time to focus on one specific threat: hacking.
We’ll look at explaining the various ways in which vulnerabilities within the various areas of your website can be exploited by hackers.
Personal computer security
When a personal computer is hacked, the attack could include stealing saved information for websites and logins. This gives the hacker access to online resources using your own credentials.
These hacks can come from compromised websites, infected software or through bots scanning various IP addresses looking for weaknesses.
Many websites utilise plugins, widgets and other integrated components. Unfortunately, these can lead to compromises of your website.
In many cases, developers of these additions will update their software on a regular basis to prevent hackers from using discovered exploits. However, this isn’t always the case as some developers simply give up on a project. Content Management Systems (CMS) can easily be targeted in such a fashion as plugins and widgets are a primary source for design and content.
Some of the most popular platforms can be targets for hackers through vulnerable exploits. However, primary developers of systems like WordPress and Joomla are often quick to respond to such threats.
According to statistics, one-quarter of all websites in 2014 utilised WordPress as it’s developing platform. Should a compromise be detected, it could cause havoc across millions of blogs.
Indirect server hacks
A direct assault on your website isn’t the only way the criminal element can gain access to its pages. Many sites are hosted on what’s called a “shared” server.
This means that all accounts are utilizing the same drives, CPUs and memory to host everything from blogs to eCommerce. If any one of those other websites are compromised, it could lead to hackers accessing your data indirectly.
Even a hack aimed specifically at the hosting company can put the information at risk.
Responding to phishing email
These messages are designed with the purpose of duping you out of your user credentials for various websites. Sometimes, the hacker will take the effort into creating an email that looks legitimate asking for passwords or providing links to “log in” to your account.
In many cases, these links lead to hacked websites that are hosting a false page in order to obtain your information.
Lack of website security
According to Symantec, online hacks cost medium-sized businesses and smaller more than $188,000 each year on average. More than 60 percent of these companies had to close down because they were unable to survive the financial damages.
Many of these organizations may be still operating today if they had proper security systems in place to prevent those cyber attacks.
Want to understand the specific vulnerabilities your website has? Get in touch, or tweet me @anthonyjohns0n to ask for some free advice.