It will cost you a lot if your website gets hacked

Contributing columnistJuly 29, 2013 

Ann Marie van den Hurk is an award-winning, accredited public relations professional and principal of Mind the Gap Public Relations.

Your website is your business's lifeline to the outside world. The lights never go off on a website. It is open 24/7, giving instant access to customers. Your website is critical in today's marketplace.

But what happens when the lights are turned off on your website? What happens when your business's website is hacked?

That can cost your business a great deal. The average cost of a cyber attack on small to medium-sized businesses is more than $180,000.

Once it's hacked, your website could be blacklisted by Google and other search engines. That means the site may not be coming up in search results and/or when it does, there is a message alerting users that the site might be compromised. That's not good for your business.

One of the most common website platforms used today is the free, open-source WordPress. One in six websites in the world are powered by the WordPress platform. With its popularity and ease of use, WordPress and the 64 million websites powered by it, are easy targets for hackers.

In recent months, WordPress sites have come under attack by hackers and it is not known how many websites have been compromised. And most users are unaware that their websites have been hacked.

The motivation of hackers varies. Some hack for the thrill of it or to test their skills. Others hack for darker reasons, such as financial gain or disruption of business. The hacker may wish to gain data such as passwords or just spread malware.

So how are hackers able to hack your website? The most common routes are:

■ Insecure passwords. Often this is what is called a brute force-attack, where bots and/or hackers will keep trying usernames and passwords until they find the correct combination. There are programs specifically designed just to do this.

In the most recent attacks against WordPress sites and major hosting providers, hackers were using the very common username "admin" and then entering common passwords.

■ Outdated code. There are bots, which are combing websites looking for outdated or shoddy code that would allow easy access to your site to insert malware or take information. They can often get through outdated themes and/or plug-ins.

How do you know if your website has been hacked? Chris Wiegman, website security expert and creator of Better WP Security plug-in, says that it is important to pay attention to what your site is doing. It may not be apparent, but there are some clues if you pay attention to activity on your site. Check for:

■ Upticks in traffic out of the ordinary locations

■ Your site is slower than normal

■ Large amounts of spam

■ Numerous 404 error pages (page not found)

■ Google Malware warning

Once you are aware your site has been compromised, you will have to have your site fixed or "scrubbed."

The first thing you should do is to contact your hosting provider. Then change all of your passwords to your site, including your FTP password.

While you can scrub your website yourself by replacing every file and restoring the databases, it is a time-consuming process and requires some understanding of code and databases.

The preferred option is using a professional service such as WPSecurityLock.com or HackRepair.com. The service will scrub your website and bring your site back online. It can cost $200 and upwards and services vary.

Being proactive is important in protecting your website. Wiegman says apathy is the biggest hurdle in thinking that hacking could never happen to your site because you aren't a large multinational organization.

He suggests these ways to secure your website:

■ Update it regularly. Make sure you have the most up-to-date version of WordPress, plug-ins, and theme installed. If you aren't using a plug-in or theme, delete it.

■ Install a security plug-in. It can help protect your site from a brute-force attack by limiting the number of login attempts or tracking file changes.

■ Use robust passwords. Create strong, varied passwords. And change them regularly.

I know firsthand about having a website hacked. It happened to my WordPress website in May and June. I used the free Better WP Security plug-in. The plug-in detected that I had been hacked and I was alerted to questionable activity. I tried to fix my website myself, but I soon realized repairing the hack went beyond my expertise and I got professional help. I paid WPSecurityLock.com to fix my compromised website.

Experts say a website hack isn't 100 percent preventable, but you can take steps to make it harder for your website to be compromised. I learned this the hard way.

Ann Marie van den Hurk is an award-winning, accredited public relations professional and principal of Mind the Gap Public Relations. She proudly called Lexington home but now lives in North Carolina. She is also the author of the book Social Media Crisis Communications: Preparing for, Preventing, and Surviving a Public Relations #FAIL. Email her at ann@mindthegappr.com, or follow her on Twitter at @amvandenhurk.

Lexington Herald-Leader is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service