What is hacking?
The Oxford Dictionary defines it as:
“the gaining of unauthorized access to data in a system or computer.”
Website hacking simply means that a hacker will gain unauthorized access to your website. This access can take several forms. These range from simply accessing your site to prove that they can, all the way through to the loading of malicious code that is downloaded or triggered every time a visitor comes to your website.
The starting point for any hacker is to gain access without detection. Your website may be hacked several times without you ever noticing that it has even happened. No harm and no fuss. If you are fortunate and you have a White Hat hacker access your site, you may even receive an email from them to inform you of the vulnerabilities on your website.
Next on the scale is the deletion of content. While this may seem like quite an extreme step to have as a second-best option, I am sure you will agree once you have seen the other ways to hack your site. If you are hosted by a decent ISP (Internet Service Provider – the people who host your website), they will make regular backups of your website. Simply restore one of your backups and you are back in business.
Converting your website into a spam platform is next on the hacking list. You will very quickly get blacklisted by most email lists, and your website may be marked as unsafe by Google. This would mean that any emails you try to send out will likely end up in a spam bucket somewhere, and any visitors to your website will receive a notification from Google that your site is unsafe. If you were a first-time visitor, would you go any further?
Now for the nasty stuff. The second-worst hack is the adding of keyloggers to your website. In this scenario, any information added by visitors is sent to the hacker. This may not be so bad if it is just an email address, but it can be very costly if they start getting more sensitive information like banking details. There is also an established trend where the hackers email the customer with a spoofed invoice and the incorrect banking details on it.
The final and, in my opinion, worst scenario is where the hacker uploads malicious code onto your website. Every time a visitor loads your website, the code will run and try to download malicious code onto the visitor’s computer. In this scenario, Google will flag your site as unsafe and most of the decent anti-virus applications will blacklist your website as well.
How do they do it?
There are several ways that hackers gain access to your website. The simplest way is via a weak or compromised password. An example of a weak password is TomPass. Using an app like Brutus, hackers will be able to crack that password in a matter of minutes. When creating a password, try to always have both upper-case and lower-case letters, numbers and a special character. Converting TomPass to T0mP@ss ups the time to crack the password on Brutus from 3.5 minutes to 6 to 7 days.
You may have the best password on the planet, but if you use it on everything you may end up having it compromised.
What is a compromised password?
When you log into a website, your password gets stored on that website. While the industry standard is to encrypt the password, not everybody does this. These sites are also the ones that get hacked the most. Once a site has been hacked and a list of email addresses and clear-text passwords has been stolen, that information is often shared on the dark web.
The next point of entry for hackers is the server on which your website is hosted. If the server is not properly configured and up to date, hackers are able to gain access to the code that makes up your website. From here it is easy for them to wreak havoc. The easiest way to prevent this from happening is to use a reputable hosting company.
The most common way for hackers to gain access to your website is via old versions of WordPress or outdated plugins. Each time WordPress or a plugin updates, a list of what has been updated, called a Changelog, is published. This is the perfect roadmap for hackers on how to gain access to your website.
On Kali Linux we run a tool called ScanWP that will run through a website, tell us what core version of WordPress they are running, then list the plugins and themes installed and tell us what version of each is running. From here it is a simple case of looking at known vulnerabilities and then exploiting one. There will be step-by-step guides published on the dark web so that even a first-time hacker is able to gain access to the site.
How can I stop it?
Let us start with the passwords. You should have at least 4 passwords that you use on the Internet. A simple one that you use for non-essential sites where a hacker won’t be able to get into anything vital. A stronger password to secure your email – if you have multiple email accounts try using a variation of the standard password for each account. Then you should have a strong password that you can use for any e-commerce accounts you may have. Finally, one ultra-strong password for online banking and any platform with direct access to your finances.
As mentioned before, reliable hosting is a non-negotiable in my opinion. There are several budget hosting companies out there, most of which are very easy to penetrate. We dealt with one a few years ago that used the word “password” on the main admin account so staff would not forget it. Pay a little bit extra and get peace of mind.
Updating WordPress and your plugins on a regular basis, though, is the key. We often deal with hacked websites that have not had a security update run since they were built. A manual update on an average website will take you less than 30 minutes. Doing this once a week will help keep your website safe. The alternative is to look at an automated system like the one we use, which continuously scans for updates and then runs them every evening.
Keeping your WordPress version and your plugins up to date will have other benefits. These include faster loading time, extra features, and better compatibility with new devices.
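As an added example (not the author's own tooling), this Python script reads the WordPress core version and each plugin's version from a copy of your own site's files and lists the ones that are behind. The plugin names, the sample files and the LATEST reference versions are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

CORE_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def as_tuple(version):
    """'6.5.0' -> (6, 5): compare numerically and ignore trailing zeros."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def inventory(site_root):
    """Read core and plugin versions from the files on disk."""
    root = Path(site_root)
    core = CORE_RE.search((root / "wp-includes/version.php").read_text(errors="replace"))
    found = {"wordpress-core": core.group(1) if core else "unknown"}
    for php in sorted(root.glob("wp-content/plugins/*/*.php")):
        head = {k.lower(): v for k, v in HEADER_RE.findall(php.read_text(errors="replace")[:8192])}
        if "plugin name" in head:  # only the main plugin file carries this header
            found[php.parent.name] = head.get("version", "unknown")
    return found

def outdated(found, latest):
    """Names whose installed version is older than the reference version."""
    return sorted(name for name, ver in found.items()
                  if name in latest and as_tuple(ver) < as_tuple(latest[name]))

def build_sample_site():
    """Constructed sample: a tiny fake install, not a real site."""
    root = Path(tempfile.mkdtemp())
    files = {
        "wp-includes/version.php": "<?php\n$wp_version = '6.1';\n",
        "wp-content/plugins/contact-widget/contact-widget.php":
            "<?php\n/*\n * Plugin Name: Contact Widget\n * Version: 1.2.0\n */\n",
        "wp-content/plugins/gallery-lite/gallery-lite.php":
            "<?php\n/*\n * Plugin Name: Gallery Lite\n * Version: 3.0\n */\n",
        "wp-content/plugins/gallery-lite/helper.php": "<?php // no header\n",
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return root

# Constructed reference versions; in practice take them from your update dashboard.
LATEST = {"wordpress-core": "6.4.2", "contact-widget": "1.2", "gallery-lite": "3.1.4"}
```

Calling `outdated(inventory(build_sample_site()), LATEST)` flags the core and gallery-lite, while contact-widget at 1.2.0 counts as current against 1.2.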
What happens if I have been hacked?
Step 1: Establish where the hack has occurred. We will normally FTP (log) into the server and pull a copy of the website and the database down. We then run a virus scan on the website files to see if any malicious code is picked up. We normally find that when a plugin is compromised, all the scripts are in that plugin folder.
Step 2: Run a scan on the database. What many hackers are doing these days is dropping a script into the database, as it goes undetected by the hosting companies’ virus scanners for longer.
Step 3: Remove the code from the website files and database. We now have a clean version of the website that we can upload.
Step 4: Run all the updates that need to be run. If the plugin that was hacked does not have an update, we will email the developer and let them know there is a vulnerability. If no response is forthcoming, we find an alternative plugin that gets updated regularly.
Step 5: Change all the passwords associated with the website. These include FTP and cPanel login passwords. All WordPress admin roles also need to change their passwords. Finally, if your website integrates into any services like MailChimp or Facebook, we recommend changing those details as well, just as a precaution.
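Steps 1 and 2 above, as an added example (not the author's own scanner): a Python script that flags suspicious code in a downloaded copy of the site, counts hits per plugin folder, and checks a SQL dump for scripts stored in the database. The rules are simple heuristics chosen for illustration, and the sample files, plugin name and dump rows are constructed.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Heuristics only: a hit means "review this by hand", not "this is malware".
FILE_RULES = {
    "eval of decoded data": re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long encoded blob": re.compile(r"[A-Za-z0-9+/=]{400,}"),
}
DB_RULES = {
    "script tag in stored content": re.compile(r"<script\b", re.I),
    "iframe in stored content": re.compile(r"<iframe\b", re.I),
}
INSERT_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.I)

def scan_files(root):
    """Step 1: return ([(relative path, rule)], Counter of hits per plugin/theme folder)."""
    root, hits = Path(root), []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".js", ".html"}:
            text = path.read_text(errors="replace")
            rel = path.relative_to(root).as_posix()
            hits += [(rel, rule) for rule, rx in FILE_RULES.items() if rx.search(text)]
    return hits, Counter("/".join(rel.split("/")[:3]) for rel, _ in hits)

def scan_dump(sql_text):
    """Step 2: return [(table, rule)] for INSERT rows in a SQL dump that match DB_RULES."""
    hits = []
    for line in sql_text.splitlines():
        table = INSERT_RE.search(line)
        if table:
            hits += [(table.group(1), rule) for rule, rx in DB_RULES.items() if rx.search(line)]
    return hits

def build_sample():
    """Constructed sample data: a fake site copy and a fake dump with harmless payloads."""
    root = Path(tempfile.mkdtemp())
    files = {
        "wp-content/plugins/gallery-lite/inc/cache.php": "<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>",
        "wp-content/plugins/gallery-lite/inc/data.php": "<?php $d = '" + "QUJD" * 120 + "';",
        "wp-content/themes/plain/functions.php": "<?php add_action('init', 'plain_setup');\n",
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    dump = ("INSERT INTO `wp_posts` VALUES (1,'Hello','<p>Welcome</p>');\n"
            "INSERT INTO `wp_posts` VALUES (2,'Sale','<p>Deals</p><script src=\"https://example.invalid/x.js\"></script>');\n")
    return root, dump
```

On the sample, both file hits land in the same plugin folder, which is the pattern Step 1 describes; legitimate content can also contain script tags, so database hits need a manual look before anything is removed.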
It takes a minimum of about 10 hours to clean a hacked website. This is a costly and painful experience. Prevention is definitely better than cure when it comes to website safety.