June 20, 2017
Survive a website hack [How to guide]
Even the best websites get hacked. Companies such as Apple, British Airways and Sony have all been hacked in the past few years. While ecommerce sites are targets due to the personal data they contain, any website may be a target for hackers looking for a clean server from which to distribute malware. There are steps you can take to minimise the risk, but preventing an attack is almost impossible.
How do I know if my website has been hacked?
There are many different types of hacks, with varying degrees of severity. Sometimes these will be immediately obvious, but at other times the attack is more subtle.
While cyber-attacks are rare, in most cases where an attack has been suffered it will be a soft hack. This is where a site is simply defaced. It is usually easily fixed, no secure information is accessed, and the website can soon be back up and running as normal. In the exceptionally unlikely event that you suffer a hard hack, where user details or data are stolen, contact Kall Kwik straight away so we can minimise the damage.
Here are some revealing signs that you have been compromised:
- Your website looks different. Pages have been ‘defaced’, new text has appeared, you get unexpected popups on your site, or you’re receiving PHP errors when trying to load pages
- Your website has been blacklisted by search engines
- Your host has emailed you to inform you that they’ve taken your site offline
- Your own (or your customers’) anti-virus software alerts you to a security risk when you try to visit your site
- Your internet browser displays a red page alerting you to a phishing or malware attack
- Your site traffic spikes, especially with visitors from other countries, as spam is sent around the world encouraging people to click through to your infected site
How does a website hack occur?
- The easiest way to hack a website is to guess passwords. Using common passwords – such as 123456789 or Qwerty – leaves you vulnerable to an attack
- Security vulnerabilities in outdated software or plugins provide easy points of entry for hackers
- Phishing (sending a fake email requesting personal information) is a tactic employed by criminals to gain data that could then be used to infiltrate secure parts of your site
- Old usernames of former employees with administrative access can be targeted by hackers
What to do if I’ve been hacked?
If you have been hacked, it’s important to stay calm. Your website will recover, and you will return to your original standing. By restoring your site to its original state, you can also take steps to help prevent a similar attack occurring in the future.
- First, contact your hosting provider. They may be able to provide some information as to how you were hacked in the first place. While they will most likely not clean your website, the information they provide could be invaluable. They can also take steps to ensure other sites on the same server are not compromised.
- Contact your web developer. The web team at Kall Kwik are experienced in assessing issues and fixing them. We can act quickly to clean your site and rectify the problems that arise from a hack.
- Change your passwords. The easiest way to hack a website is to guess a password, so change yours to stop the hackers returning to do even more damage.
- Take your website temporarily offline so your web team can fix the problem without exposing further visitors to malicious code or suffering further interference from a hacker.
How to minimise the risk of a cyber-attack?
- Back up your system regularly, and keep older versions. The easiest way to get a site back up and running quickly is to reinstall it from a clean backup file. The hack may not be immediately obvious, so keep a number of backups to be sure of having a clean version.
- Use a secure password. As we stated in our blog – Our number one tip for secure passwords – a password manager is a great way to devise and store secure passwords for all your web activity. Exploiting weak passwords is the easiest way to hack a site, so the password PASSWORD is not good enough!
- Update your plugins. As mentioned earlier in this guide, updating your WordPress plugins keeps your site as secure as it can be, as vulnerabilities are patched so hackers can’t exploit them.
- Use security software, such as Sucuri. While it won’t make your site impenetrable to attacks, it will help minimise the risk, detect breaches quickly, and help clean your site if it is hacked.
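As an added illustration of the backup advice above (not part of the original guide), one way to tell whether a live site still matches a clean backup is to compare file hashes and list what was added, changed or removed. The directory layout and sample files below are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare_trees(backup_dir, live_dir):
    """Return files added to, modified in, or removed from the live site."""
    clean, live = manifest(backup_dir), manifest(live_dir)
    return {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
        "removed": sorted(set(clean) - set(live)),
    }


def build_sample(base):
    """Constructed sample data: a clean backup and a tampered live copy."""
    files = {"index.php": "<?php echo 'Welcome'; ?>",
             "wp-content/plugins/forms/forms.php": "<?php // plugin v1 ?>",
             "robots.txt": "User-agent: *\n"}
    for tree in ("backup", "live"):
        for rel, body in files.items():
            target = Path(base, tree, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    # Simulate a defaced page, an unexpected new file and a deleted file.
    Path(base, "live", "index.php").write_text("<?php echo 'Defaced'; ?>")
    Path(base, "live", "wp-content/uploads").mkdir(parents=True)
    Path(base, "live", "wp-content/uploads/cache.php").write_text("<?php // unknown ?>")
    Path(base, "live", "robots.txt").unlink()
    return Path(base, "backup"), Path(base, "live")


def demo():
    with tempfile.TemporaryDirectory() as base:
        backup, live = build_sample(base)
        return compare_trees(backup, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run against several dated backups in turn, the same comparison shows which backup predates the unexpected changes and is therefore the one to restore from.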
If you think you’ve suffered a hack, contact Kall Kwik immediately. The quicker we’re alerted to a hack, the faster we can work to minimise the damage, the more likely we can restore your data from a backup (if you have one), and the sooner we can have your website back up and running correctly.
If you need help please email [email protected] or call 01284 752266.