Why and how you’re getting hacked

Marketeering Group / Web Design and Development  / Why and how you’re getting hacked
Long exposure shot of a skyline

Why and how you’re getting hacked

2 min read

We’ve always offered hosting, security and support for our client’s websites for a few reasons. First if your website is down or hacked, all marketing efforts are worthless. Second, good SEO cannot be done without direct access to a site to add content, adjust user experience and simple maintenance. A secure SSL website is critical to small business marketing success.

As we’ve grown we’ve had to also increase our understanding how WordPress sites should be maintained and secured on a massive scale. Part of that is understanding the Deep Web (or Dark Web).

The internet is just like the real world. Latching on to the infrastructure we use on clearnet (the internet you and I use every day), are private and secret networks that form like barnacles onto legitimate websites, servers and networks.

They operate like both petty and organized crime of our real world, exchanging drugs, sex, stolen goods, money, and even in some cases murder. They use back doors and setup fronts to accomplish their goals (this is the reason for most hacking).

In the past 9 months we’ve seen an unusual spike in attacks and hacking attempts. If you run a website and you’re not as vigilant at protecting it as you are your own home, you will regret it. Be sure that your site is locked down by every security measure possible, and be sure that your data is backed up multiple times to multiple locations.
The web is standardizing for small business because of WordPress’ popularity, and simplicity. It now makes up 25% of the entire internet. The standard settings they use make the sites as vulnerable as Windows OS was in the late 90s, allowing hacking bots to replicate themselves at scale. The best thing for everyone to do is

1) Move the login page away from /wp-admin

2) Use a different username than “admin”

3) use something like LastPass, to encrypt and rotate passwords.

4) Install a site firewall like Wordfence, to block IP addresses that are trying to login multiple times and failing.

5) Ensure that there is a firewall on your server.

6) Run a program like SiteLock – Website Security, to scan for any malware that does get in and automatically remove it.

7) Setup regular backups of your data to another location that is independent of your normal host. Amazon s3 has an API to allow this if you have WHM access.

We’ve implemented security measures such as these as standard protocol at Marketeering Group.