Millions of websites are hacked each day. In some cases the owner of the website discovers it within a few hours; in other cases they do not discover it until after the website or server has been blacklisted by systems such as Google, Facebook and others. The websites we are talking about are not special websites; they can be just like yours, if you have one.
Maybe you are thinking your website is not interesting enough for a hacker, with just some pages and a few monthly visitors, so why should it be hacked? Well, there are several reasons, but to fully understand them you need to see your website through the eyes of a hacker.
A hacker can steal and sell the data in your database, send spam, or add malicious code to the website so that your visitors unknowingly perform attacks against other infrastructures, or so that your website itself performs those attacks. All of these activities can end up bringing your website down. These are just a few of the advantages a hacker can get from your website, and as you can see, none of them is related to the type of website.
So what can you do to avoid being hacked?
Attacks are usually performed on websites running old versions, because hackers find new weaknesses each day, and these are often fixed in the latest version of the system you are using. So here is the first tip: ensure your system is always running the latest version, and stay abreast of the latest updates.
Often small weaknesses can lead the attacker to a better position inside your system. The weaknesses I’m talking about are not really related to the code but mostly to the permissions you are giving to users in your system.
Let’s say you have a blog and many people are creating articles for it. Everyone can write, edit, delete and publish articles; however, the person writing an article may not be the one in charge of deciding when it should be published (for example, if the article has to be reviewed by the editor first).
In this case, hacking the account of any one of them gives the attacker permission to write malicious code and publish it; malicious code which can then be used to hack the administrator account. So here is tip number two: ensure you give the right permissions to each user. If fewer people have higher permissions, the chances of the “right” user being hacked decrease.
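To make tip number two concrete, here is an added example (not code from the original article) that audits the blog scenario above: it lists accounts holding more rights than their role needs and shows how many accounts an attacker could use to publish, before and after trimming. The role names, permission names and accounts are assumptions constructed for illustration.

```python
# Added example: least privilege for the blog scenario (all names are constructed).

# Hypothetical role model: each role gets only the actions its job requires.
ROLE_PERMISSIONS = {
    "author": {"write", "edit_own"},
    "editor": {"write", "edit_own", "edit_any", "delete", "publish"},
    "admin": {"write", "edit_own", "edit_any", "delete", "publish",
              "manage_users", "install_plugins"},
}

# Constructed accounts: two authors still hold rights that belong to the editor.
SAMPLE_ACCOUNTS = [
    {"user": "alice", "role": "author",
     "granted": {"write", "edit_own", "delete", "publish"}},
    {"user": "bob", "role": "author",
     "granted": {"write", "edit_own", "delete", "publish"}},
    {"user": "carol", "role": "author", "granted": {"write", "edit_own"}},
    {"user": "dana", "role": "editor", "granted": set(ROLE_PERMISSIONS["editor"])},
    {"user": "root", "role": "admin", "granted": set(ROLE_PERMISSIONS["admin"])},
]


def audit_accounts(accounts):
    """Return {user: [extra permissions]} for accounts that exceed their role."""
    findings = {}
    for acct in accounts:
        # An unknown role has an empty baseline, so everything it holds is flagged.
        baseline = ROLE_PERMISSIONS.get(acct["role"], set())
        extra = set(acct["granted"]) - baseline
        if extra:
            findings[acct["user"]] = sorted(extra)
    return findings


def exposure(accounts, action):
    """Users whose compromise would hand an attacker the given action."""
    return sorted(a["user"] for a in accounts if action in a["granted"])


def remediate(accounts):
    """Return copies of the accounts trimmed to what their role allows."""
    return [
        dict(a, granted=set(a["granted"]) & ROLE_PERMISSIONS.get(a["role"], set()))
        for a in accounts
    ]


if __name__ == "__main__":
    print("Over-privileged:", audit_accounts(SAMPLE_ACCOUNTS))
    print("Can publish before:", exposure(SAMPLE_ACCOUNTS, "publish"))
    print("Can publish after: ", exposure(remediate(SAMPLE_ACCOUNTS), "publish"))
```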
The last thing we will discuss in this article is third-party plugins. Many plugins means many possible weaknesses and many updates to do. This doesn’t mean plugins are dangerous; you simply need to know what they do and keep them updated. So as a general rule, install external tools (plugins) only if you really need to.
In conclusion, there is no such thing as a secure system, only systems that are more difficult to attack. Before attacking, hackers scan the net looking for weak infrastructures, so ensure your website isn’t the weak link in the chain.