I’ve long considered these evil hacker folks to be pirates, sneaking in and stealing the booty of your lovely website and leaving disaster in their wake.

To protect your site against hackers, it’s important to understand why they do what they do and how they perform their trade. We’ve gone so far as attempting to hack our own sites to better understand the minds of our opponents. In our Zen journey to become one with the hackers, we’ve learned a few tricks.

Hackers are usually out for more than just kicks.

They want information. They hack to gain financial or login information. If a hacker is phishing, he or she may replace your “pay now” link with another that directs to his or her website. The payment pages look the same to the viewer, but the information is sent to the hacker instead.

They want to promote their website. Hackers may add links to your site to try to boost SEO for their own site. They often do this by gaining access to your site via your admin portal.

They want to distribute an email message. Many servers and website development platforms have the capability to send email. Hackers harness this ability to send SPAM to promote products and spread malware or viruses.

They want to make a statement.
Some hackers are just kids breaking into sites for attention and bragging rights, while others organize into groups and break into sites to make a social or political statement.

Screen Shot 2014-10-23 at 3.52.12 PM

Hackers look for areas of weakness.

Administrative portal
This is the most common approach for many platforms. The hacker attempts to log in to your website admin section using a combination of usernames and passwords. After he or she successfully logs in, the hacker modifies your site or site code, usually by adding links to existing content.

Hosting space
Hackers run scripts to automate Web server login attempts, trying alternate usernames and passwords until they identify a successful combination. Then they can log in and add files or make changes to your website code to execute a hack, sending emails or spreading malware.

Platform plugins
Most development platforms offer a way to extend the functionality of the core program using plugins. Some hackers target commonly used weak plugins to exploit a specific vulnerability to gain access to your hosting space.

Clean up your act. Your website is at risk if:

1. You’re running an outdated version of your website software. Each new release of open-source software is accompanied by an announcement and noted in a change log, telling the public, hackers included, what was modified in each version. The list gives hackers insight into the vulnerabilities of older versions of the software, like a road map telling them where to attack for best results.
2. Your login ID is “admin.” One of the most common ways to hack a site is running a script against the username ADMIN to find a corresponding password. If you don’t have the username ADMIN, the hacker has to guess both the username and password, so it’s twice as hard to get in.
3. You have outdated or unused plugins. Outdated plugins pose the same risk as running outdated software, especially if the plugin you’re using is popular. These commonly used plugins are targeted because they grant hackers a larger audience by allowing them to easily replicate the hack on sites running outdated versions. Also, consider deleting any plugins you don’t use. This requires less time to keep the plugins up to date and keeps the site tidy.
5. Your domain name accidentally spells something naughty. Hackers aren’t the most wholesome bunch; they do make their livings causing others grief. The sites they choose to target must be found somehow, and those sites with unknowingly naughty names, however wholesome the actual company, may be at greater risk for hacking than others.
6. Your password is your pet’s name or your daughter’s name. The most common passwords are those including 123, abc, pets’ and children’s names. Build a strong password that’s not easy to guess. Include an uppercase and lowercase letter, number and symbol.

Recent News

Finding Your Civic Voice on Predatory Lending

  Missouri has some of the laxest state regulations in the country on short-term loan companies offering quick-cash, payday, installment, or title loans —...

Vacant Lot? More Like a Park in Waiting.

  One thing we heard loud and clear at our planning open house for The Loop was the desire for more public space. I...

Press Release: The Business Times Company Leadership Changes

FOR IMMEDIATE RELEASE   COLUMBIA — The Business Times Company is proud to welcome Breck Dumas as the new editor of its flagship publication,...

A Day in the Life of Mid-Missouri Farmer Doug Nichols

This story originally appeared in print as part of “The Journey from Farm to Table”   Doug Nichols is the owner of Cloverleaf Farms....

Planting Local: Ways Your Business Can Go Green

This story originally appeared in print as part of “ROI on Eco” Being eco-friendly doesn’t have to begin and end inside the walls of...