In June of this year Sucuri reported that more than 150,000 WordPress sites were targeted with malware that changed the titles of vulnerable blog posts to include "1800ForBail". The purpose of the attack was to utilize a black hat SEO technique to increase the search engine visibility of the “bail service”.
WordPress is recognized as the most popular CMS, in use on more than 34% of all websites. However, WordPress is also reported to be the most infected CMS according to a recent study by Sucuri (owned by GoDaddy), with 90% of sites they reviewed being infected and 36.7% sites being out-dated. Unfortunately, this means that the more popular your WordPress site becomes, the more likely it is to be hacked.
WordPress hacks are not only commonplace they are part of the everyday playbook for bad actors of all skill levels. In fact, ThreatPost reports that WordPress vulnerabilities grew by 30% in 2018. Why? Because the WordPress code set is available to the entire world. A hacker merely needs to find a vulnerability and then exploit that vulnerability across hundreds of thousands of sites.
Running a WordPress website these days is risky business; not having your WordPress website hacked is more often a matter of luck vs a planned defense. This is why it's so important for every WordPress site owner to be aware of the warning signs that their site may be at risk. It's often only a matter of time before, not if, your WordPress website will be compromised.
Here are some basic indicators that your WordPress website is attractive to hackers, as well as signs that a threat actor may already be trying to hack into your site.
1) Your Traffic Just Picked up Significantly
WordPress hackers love web traffic. The more traffic you have, the more a hacker will find your site to be an exciting target. A new website is even better because the hacker will assume your site lacks the security measures necessary to keep your website and data safe. They also, often rightly, assume that a large amount of traffic means a large number of people can be targeted to steal credit card data or infect other websites, and computers. Watch out for large increases in foreign traffic – these are often telling signs that your site has already been compromised.
2) You’ve Recently Experienced a Cyber Attack
If your WordPress website has recently repelled a concerted attack, congratulations! Just know that the battle isn't over yet. Being targeted by one hacker is often the best warning sign that there are more hacking attempts to follow. Some attacks are automated, such as a phishing virus to infect your website and then use your website to infect other vulnerable sites. Or there are targeted ransomware attacks that use malware to send unsolicited emails containing links to pages on your website that are engineered to steal usernames, password and other sensitive data in the next step of the attack.
Experiencing one attack suggests that your website has something worth taking. There may even be a darknet flag planted on your website from the first attack marking your WordPress site as a future target. Even worse, that attack you thought you stopped may well have revealed the WordPress plugins you're using which can help hackers find even more vulnerabilities. Did you know that outdated plugins are the leading source of WordPress hacks?
If you have recently been subject to a WordPress attack don't rest on your laurels. It's time to take extreme measures to prevent a future attack, including the possibility of migrating your site away from WordPress.
3) Your Network has Been Exposed to an Infection
Not all cybersecurity threats work the same way. A website or an email phishing attack are only two of many ways a threat actor can steal data. Having your network infected (i.e. using malware) is something that needs to be handled with even greater care. If compromised, the risk exists that your network has been sending messages or data back to the hacker to exploit.
Successful network malware attacks heighten your risk profile because it may be living in your workplace computers and devices and continue infecting each device that connects. It is possible to identify and route out a malware infection, but your data is now at far greater risk than ever before because of the infection. The compromise may have exposed your security vulnerability, created back doors for future attacks, or set a beacon to raid your website.
If you have faced a malware infection in the past, it's best to assume that the entire WordPress site is still compromised. You’ll want to confirm whether vital information was revealed to the dark net, and then act accordingly.
4) Your Website Host Was Recently Hacked
One of the biggest warning signs of all is if your website hosting company has recently experienced a breach. When hosting companies get hacked, everyone is put at risk because the hosting company has control over all of their clients websites and servers. Without a doubt, hosting companies go out of their way to compartmentalize servers to protect one infection source from putting the rest of their clients at risk. With that said, Hackers News reported in January of this year that five major web hosting companies had been hacked – putting millions of customers and billions of websites at risk.
Understandably, hosting companies are targeted directly by hackers or concerted groups of bad actors to steal treasure-troves of data and gain access to key websites. Usually, it's a smash-and-grab with data stolen along the way. But often, there are more insidious aspects to the hack.
If your host has recently reported a security breach, and you haven’t done so already, you need to speak with your host and developer to do everything you can to protect your website data.
5) A Cloud Business Partner Has Been Hacked
Finally, keep an eye on all the business partners from whom you buy cloud services. Whether it's widgets for the website, analytics tools, data storage, or useful utilities. Symantec recently reported a 200% increase in supply chain attacks that attempt to spread spying tools to a wider number of companies.
If your account with a cloud services partner has been compromised, it may only be a matter of time before the stolen data leads them to target your website, network or other services as a result. If this happens take immediate steps to protect yourself, including a change of all your passwords – everywhere! Use strong passwords and password management.
Why? Because hackers love to follow up on their attacks. As data thieves, they can make the most of what they take by selling sensitive data or cultivating the data for their own purposes.
Simply put, WordPress websites keep getting hacked - with no end in site! If you’re concerned about your company’s brand, reputation and the security of your client data contact us today to learn more about migrating your website to our easy-to-use CMS, provided as an affordable and secure alternative to WordPress.