FAQ on Security
May 31, 2018
Is my site hacked?
At any time, 18.5 million websites are infected by malware. Is yours?
Many website owners remain unaware their website is hacked, leaving their company open to data breaches and potential lawsuits and fines for spamming. Small business websites are the lowest hanging fruit for hackers because so many owners ignore security. With an easy target, attackers are free to cause havoc and destroy your online reputation.
What could happen? Best case is they only harm your reputation and you clean up the intrusion and work hard to regain trust with customers. Worst case is fines through laws like the European GDPR or lawsuits should a data breach result in harm to your customers.
Is your website hacked? It’s your responsibility to guard against hackers and keep your website healthy. If you’re asking the question, you may want to find out.
What are the chances that my site will be hacked?
Your chances aren’t good if your security is poor. More than 70% of WordPress installations are vulnerable to hacker attacks, according to the hosting company, Alexa.
Website owners leave their software unpatched and unmanaged. That leaves many sites with older versions of WordPress that are weak against hackers. Even if your WordPress core files are up-to-date, your theme and plugins may remain stagnant and become an opportunity for hackers.
Defence is the best protection. Harden your site to make it harder for hackers to attack. Low security websites are like leaving the door closed but unlocked. Lock it to make it harder for the hackers to attack.
PCI compliance is the set of requirements created by credit card providers (Visa, MasterCard, etc.) to protect customer credit information online. If you are handling credit cards online, you will need to meet these requirements.
In WordPress, most providers use shopping cart plugins like WooCommerce to handle online sales. The good news is that this plugin and its payment processors, such as PayPal, meet PCI compliance already. Thus, your responsibility is keeping your cart software patched and building a secure connection between your website and your payment systems.
We highly recommend a periodic review for eCommerce software like this. If credit card companies detect you’re out of compliance, they can shut your site down by not allowing you to accept credit cards. Small companies with few IT resources are an easy target for hackers.
HIPAA compliance for websites means your website protects the health information that a customer may pass through it. Failure to follow HIPAA compliance standards means huge fines for both your company and your web development firm. HIPAA is serious stuff.
WordPress can be HIPAA compliant, but it takes work. Websites and their hosting environments need to be monitored and patched as quickly as the patches come out. Just like any site, it should not be left alone. Once a site is deemed HIPAA compliant, the best protection is constant monitoring, virus scanning and periodic review.
Constant monitoring and periodic review are needed to keep up with the compliance standard.
Is WordPress more prone to hackers?
Yes and no. WordPress isn’t more prone than any other software to being hacked; however, because it is the most popular open source platform for websites, hackers search for WordPress sites more than other sites.
That’s why it’s so important to have a committed army of people defending WordPress, looking for weaknesses and upgrading software. That’s the benefit of open source software: more hands make for better solutions.
Those solutions include frequent software patches and maintenance solutions that make WordPress stronger. It’s our job to fit into the standards they create and to make sure all patches get added to software as quickly as possible.
It’s also our job to work with the companies that devote their business to protecting WordPress websites. Wordfence, our partner for website security, is a great example. Their solution provides an inexpensive software firewall that blocks bad traffic, along with tools that alert us to software patches and attempts to harm our client websites.
So, while WordPress is open source and a continual target, it’s a strong solution because there are so many people working to defend it.
If you think your site was hacked, please contact us!