Latest News

Why hacked websites are not necessarily your web designers fault

Getting your website hacked is upsetting and soul destroying, not to mention incredibly frustrating.  In desperation, many website owners will pick up the phone and scream at their web develop for ‘allowing’ it to happen – but in most cases, it’s not the web developers fault. We spoke to three web developers who have experience in managing hacked websites  – here’s what they had to say: North Wales Web Design experts, DesignWeb, said: We can normally can and do help even if it wasn’t a website we built. These days, hacking is a huge risk, to put it in perspective, by lunchtime today more than 66,000 websites worldwide will fall victim to a hacker – many of them attacking from miles away, unconnected in any way to your business, attacking your website purely because they can. People tend to say the same things when they call us about a hacked website – ‘why me?  I’m only a (insert anything here!) It’s upsetting, frustrating and disappointing, and we really feel for the victims, but targeted website attacks are extremely rare.   Hackers are only singling you out because a hacker did a worldwide scan using a specialist hacking tool and found they could get into yours. It is no different to your car being stolen, you don’t blame your garage, but again, as with your car, there are steps you can take to make you less of a target.

What happens during a hacking attack?

Bridgend Web Design specialists, SWWS, said: Once a hacker has control of your website, sometimes they will just playfully change a picture, but it can often be more insidious. Some hacks can be incredibly damaging, stealing your client data, hijacking browser search results for your website and diverting your clients to a nefarious site, utilizing your web server for cryptomining, destroying your data and downloading viruses and malware that hijacks host computers. The good news is that most websites can be recovered to some degree, but it is not always possible to fully recover a hacked site. In many cases however, hackers will leave some kind of back door for easy future access – which is why we always recommend choosing a professional to recover your site. However even seasoned professionals may not spot them – hackers are experts at finding ways to make their code hidden and looking innocuous. Our advice is always to avoid being hacked in the first place and to regularly scan the website after any hack has taken place. General Vigilence IT Engineer Mark Baker, Technical Director of Web Design & SEO Specialist Need to See It says general vigilance is important: “It’s not always apparent when a website has been hacked and when browsing the internet it’s important to be mindful of what you click, because hacked websites can also be designed to deliver a piece of malware onto a web visitor’s PC.  Be careful what you click on and don’t click on ‘ok’ on popups unless you know what they do. “Some of the viruses and malware we are seeing on servers these days can be very malicious, threatening to wipe or lock data and hold it to ransom.  Furthermore, it’s important that people don’t pay these crooks, in most cases they won’t restore your site anyway. However, all three of our experts agree, good awareness and security practices are essential to reduce hacking.

How can I protect my website from being hacked?

Nobody can 100% protect their website from hackers – it boils down to how much time, assets and acumen the hacker chooses to invest to hack your site. Huge corporates, Government associations and financial institutions are continually investing in cyber security and many of them have still been hacked. However, a few small steps will reduce your risk. We recommend all website owners: Have a SSL authentication The SSL adds additional encryption to your site, making it harder to hack. It also has a useful side benefit of helping your web ranking, as Google prefers sites with SSL certification. Choose Secure website hosting You can find cheap website hosting for £1 a month, or pay thousands per month. They don’t all offer the same service and you get what you pay for. Web Design specialists like DesignWeb will have spent time choosing a reliable, secure web host for their website owners and security will be one of their key considerations. Regular site backups are important too, check whether your website host includes this. Do website software updates While your website will have been built in line with up-to-date recommendations, both website hackers and technology are continually evolving. For this reason, WordPress issues updates to plug ins, themes and settings almost daily. Keeping WordPress updates up to date is essential . Once a vulnerability is uncovered, hackers usually spread the word very quickly, so it is an ongoing battle to issue updates in a timely fashion. Most web designers will offer a premium service where they take care of things like Joomla and WordPress updates for you. It can seem like a cost saving to say no, but it’s worth the time you will save to keep your website secure. It’s certain a service we’ve found popular among our clients. Very old custom-built websites are particularly vulnerable, as they will not have received regular patches and updates – many website designers will offer a free website review – take advantage of that and then listen to their advice. Finally, WordPress has some good plug-ins that will reduce your vulnerability. Talk to your website designer about whether one would benefit your website.

Choose secure passwords and educate your staff to do the same

You’d be amazed how quickly a techie can guess your passwords from a quick glance at your Facebook page. Pet names, kids names, friends names all make for terrible passwords. Also common names and passwords get added to hacker databases which automatically scan your site for vulnerabilities – so avoid them, too. Most hackers use a ‘brute force’ technique which keeps trying for common words in a database… so ‘motoracing’ or ‘rugbyfan’ is not so clever as you hoped! A secure password is harder to crack. A good password should not include names, have a mix of capital and lower case letters, numbers and special characters, and ideally at least 12 characters long.

Change passwords when staff leave

Not all hackers are remote – and an ex-employee with a grudge is always a risk. Good practice can eliminate that risk altogether. It’s best practice to change passwords when people leave – not doing so leaves you wide open to business disruption. Trust is great, but secure practices are a firmer guarantee. Website security is a huge topic and of course, we can’t cover every detail in a short article. However, these basic steps will avoid your site being an easy target. Awareness and monitoring, too, will make you able to respond quickly to any potential threat.