Normally when we’re talking about your website being hacked, we’d expect it to be defaced, or taken off-line, but here’s another impact from your website becoming infected by hackers. An exploit loaded into your website, which then infects all Visitors devices.
In one way this is probably more of a concern for your business, as your website is responsible for spreading infections to all of your visitors. Depending on when and how visitor devices are infected, they aren’t going to stick around to buy or enquire about your commercial offerings – so you just lost (another) prospective client.
Also, Google is very good at sniffing out if your website has a virus, and very quickly will start showing a warning not to visit your website. Again, another sales discourager.
Further, there’s the matter of liability. If someone who got infected from your website decides to get litigious where do you stand?
Maybe your terms and Conditions for visitors might be applicable – that is if you actually have some T&C’s on your site!
Given all this, I’m sure you’d agree that operating an infected website is not good for your business!
A current example of website passing exploits to visitors
This detailed report by Dan Goodin of ARS Technica published recently caught my eye and strongly illustrates the genuine risk of your website hosting a hack and passing it onto visitors.
How to prevent your website from being hacked
So what can you do to guarantee that your site doesn’t get hacked?
Well, frankly, there are no guarentees that your website won’t get hacked, but there are certainly some steps you can take to minimise your site’s exposure to hackers.
Timely Software Updates
Ensuring the software in your WordPress website is up to date.
This is the single most effective activity you can undertake to prevent hackers from breaking into your website. Sadly, as updating software is a particularly pedestrian activity, it fails to impress people how important it is.
Stay out of sight
Hackers prowl the internet using scanning software looking for sites with known exploits These are invariably linked to down-version software. If the scanner doesn’t detect out of date software, it moves on.
Don’t use poorly supported plugins
One of many advantages of using WordPress is that you can add easily extra functionality with Plugins, but be diligent about your selection of plugins to ensure the developer keeps them regularly updated. This information can be readily found on the plugin’s information in the WordPress plugin library under the ChangeLog tab.
Update all software
Be aware the software that needs to be kept updated includes:
- WordPress core software
- Plugin software
- Theme Software
Use an internal firewall
WordFence, iThemes and other providers have created plugins that provide internet firewalls inside your WordPress site. They include hacker risk reduction functions such as:
- monitors visitors and blocks those with hacker-like activity
- scans your site for security risks and evidence of hacks
Be prepared for the inevitable hack