Hack, CMS, Wordpress, Drupal, Joomla, Stephdokin, virus, plug-in, security

File this blog post under “I’m sorry the internet is complicated.”

High profile hacks have been all over the news lately. From “Chinese breach data of 4 million U.S. federal workers (Forbes)” to “What caused Sony hack: What we know now (CNN Money)” to “The Top 5 Most Brutal Cyber Attacks of 2014 (Forbes: eBay, Evernote, Feedly, P.F. Changs, Montana Health Department,” it seems like no one is beyond the reach of hackers these days.

Including your business.

Interestingly, small to medium-sized business owners seem to “know” their site can be hacked, but few either don’t know what to do about it or they kinda hope it goes away.

77% of small businesses believe “that their company is safe from cyber threats like viruses and spyware” yet 83% of small business don’t take any formal cyber-security measures. **

One thing is for sure. It’s pretty complicated stuff.

“Ahhhh … a hack will never happen to our website.”
– John Owner, President of <almost-every-business>


Shameless plug for Stephdokin’s hack security service: Ongoing prevention is the best protection against hacks, not reaction.We can protect your WordPress, Drupal or Joomla site from unwanted intrusion and viruses. Our service includes ongoing automated and manual consistent vigilence by a team of deep-thinking engineers; testing, identification and removal of hacks to your CMS website as well as server-side security. We provide a security report detailing the activity for your website properties at the end of each month. For more info and contact, visit: security.stephdokin.com.


 

40% of small business have been hacked*

It’s happening all over the place. Over 30,000 websites are hacked daily.*

I speak from painful personal experience. A couple months ago, we got an email from Google Webmaster Tools regarding one of our clients websites:

Unfortunately, it appears that your site has been hacked. A hacker may have modified existing pages or added spam content to your site. You may not be able to easily see these problems if the hacker has configured your server to only show the spam content to certain visitors.

To protect visitors to your site, Google’s search results may label your site’s pages as hacked.

Google saves the day and then spoils the day

It was Google webmaster tools that first found the hack and sent us the message. Along with some super helpful information and places to check for further information. The rule here is … if your website isn’t already registered for webmaster tools, then do so right now! It’s endlessly useful to help manage your SEO and other website content, and it’s free, and it hooks into Google Analytics for even more analysis and … well, you get the idea. Sign up now.

example compromised hack website google search results your website may be hacked Stephdokin

To make matters worse, once Google identifies your website as “hacked,” it will reduce both your organic SEO and adwords PPC traffic to your website to a tiny trickle.

That’s because Google puts up a phrase “This site may be hacked” in your search engine results.

I dunno about you, but I’m pretty sure I ain’t clickin’ on that link in the screenshot.

Buddy, can you spare $15,600?**

Woe is the business owner who gets hacked. Hacks cost the American economy $100bn a year. Data loss, infections with malware and viruses, and credit card exposure can disrupt and even bankrupt a business.

The average cost to fix up a hack and data loss to a small business is $15,600. (our service is much more reasonable ;).  However, the damage to a business over the long-term can be hundreds of thousands to several million dollars.

The best protection against website hacks is prevention, not reaction.

* Report: http://www.inc.com/laura-montini/nsba-survey-cybersecurity.html?cid=sf01001
** Report: http://www.inc.com/flash-steinbeiser/report-small-business-owners-not-worried-about-cyber-security.html

CMS websites like WordPress, Drupal and Joomla are easily hacked.

A Content Management System, or CMS, is a web application designed to make it easy for non-technical users to add, edit and manage the content of a website.

The most common CMS systems used by businesses are WordPress, Drupal and Joomla.

CMS systems are awesome. So robust and full-of-features; if there’s any thing missing you can also download thousands of plug-in’s to easily integrate into your website’s functionality. We highly recommend WordPress to our own clients.

But, with this flexibility and openess, you get three security issues:

  1. 1) Vulnerabilities as CMS system platforms

    The WordPress CMS platform has had over 50 security and vulnerability updates in 3 years. Drupal and Joomla are no different. Here’s the complete lists:

  2. 2) CMS Plugins Vulnerability

    There is a serious lack of security standards for CMS plugins. For example, 20% of the top 50 WordPress Plugins are vulnerable to common attacks from the web. The list changes all the time.

  3. 3) ECommerce and User Account Vulnerability

    eCommerce and websites that allow users to login are particular easy to target. 7 out of top 10 most popular e-commerce plugins are vulnerable to common Web attacks. This amounts to more than 1.7 million downloads of vulnerable e-commerce plugins.

Top 5 Most Common Types of Website Hacks

Not to geek out on you, but the world of hacking is super-technically interesting, for sure. Just make sure you use your powers for good, not evil, kids:

A hacked website isn’t good for business.

I don’t want to overstate the obvious, here, but I can’t help it. If your website is hacked, it stops making money for your business.

A shoutout to the Coasters:

Take out the viruses and the hacks
Or you don’t get no spendin’ cash
If you don’t scrub that website floor
You ain’t gonna rock and roll no more
Yakety yak
(Don’t talk back)

Be careful out there.