I remember the shock I got when I first installed a plugin which reported attempts to hack into my website.
I ticked the setting to send me an email if a hacking attempt occurred. To my horror, hundreds of these notification emails arrived within the first hour and I had to log in and quickly change that setting.
My website isn’t important enough to hack
My website was too small and unimportant to attract any kind of real hacking attempts, I thought. But no – that’s not true. The automated tools used by hackers don’t distinguish between a large website and a small one, a popular website or a niche one.
True, some hackers target specific businesses, governments, or financial institutions. But many are just looking for a way in and any website will do, particularly one whose owner is lax about security.
Why hack into a website?
There’s a great post here, describing 5 types of hackers and why they hack.
Reasons range from boredom to malicious intent and gain, but one thing is clear – all websites are potential targets.
What can I do?
Just like keeping your home secure by locking doors and windows, it is important to keep your website secure by implementing reasonable security. Simple measures include:-
- Keep your website framework (programs and plugins) up to date – install any security fixes
- Ensure passwords are non-trivial – use a password manager
- Install simple security measures to lock out unsuccessful login attempts
- Don’t store data about site visitors or members that you don’t need and use
As well as that, implement additional security in proportion to the data you store and how private it needs to be.
Sucuri provide a lot of great tips, tools and services for website security.