Is My Website Hacked? 7 Telltale Signs | WP Support Specialists 

It’s every business owner and blogger’s nightmare – is my website hacked?  You may have noticed that your site isn’t operating as smoothly as normal, or, if you rarely use your own website (as you’re busy running your business), regular clients call to say the website isn’t working properly.

Nowadays, hackers are sophisticated and the signs that your site has been hacked range from “obviously something’s gone wrong” to “I have a sense all is not right”.  It’s important to identify if your website has been hacked as soon as possible – so you can take steps to get it fixed.  Here are 6 telltale signs to look out for.

Is My Website Hacked?  The “Obviously Something’s Gone Wrong” Signs 

1. Different Website Entirely

If you type your website url into your browser, or click a link for your site but find yourself on a completely different site (often one of a risqué nature), it’s highly likely you’ve been hacked.

Some hackers think it’s a jolly jape to hijack a website and redirect all traffic elsewhere but it won’t please your clients!

Take action immediately!

Would you like a free website hacking check? Contact us today!        Is my website hacked?

2. Website disappears

When your browser tells you that your website doesn’t exist, don’t panic right away – check for simple solutions first: has the domain name expired?  Is the website down for maintenance? Is there an issue with your web hosting company? Once you’ve ruled out obvious alternatives, it’s time to consider that your website has been hacked

3. Browser alert

When trying to access your site, if you see the red malware screen, you have a definite problem that needs checking out.  Get on the case quickly – nothing so likely as to put the frighteners on clients as seeing this screen when they try to click to your site.

A big concern here is how long this has been an issue and how many visitors you’ve lost because of this. The nature of people is they are unlikely to reach out and tell you unless they are already a good customer.

 

has my website been hacked

4. Multiple Windows

If you click through to your website and multiple windows pop up, or when you click on various links on your site you find you are redirected to other sites.

If this is the case, all is not well, and it’s very likely devious hackers are behind the scenes.  Time to get your site checked out.

 

Would you like a free website hacking check? Contact us today!        Is my website hacked?

5. Words That Don’t Belong

If odd words are popping up on your site, or strange links to other sites that you know nothing about, it’s probable you have been hacked.

6. No Access

If your normal log in to the admin area of your website is not working, a hacker may have got into the site via the Admin account or cPanel and changed the passwords.

Is My Website Hacked?  The “I Have A Sense All Is Not Right” Sign

7. Exceedingly Slow To Load

If your website is suddenly much, much slower than normal, and you get a timed out message before the connection can be made,  there may be hackers using your site to send out spam emails.

There are several problems with this

a) your clients won’t bother to wait to see if the site loads

b) if a connection can’t be made, then your clients will remember you as the company with the dodgy site

c) if hackers are sending out 1000’s of spam emails from your domain, your website is in danger of being blacklisted. You Internet provider may also cut-off your internet connection and your ability to send and receive email.

 

Would you like a free website hacking check? Contact us today!        Is my website hacked?

 

If you’re thinking then it’s best to seek professional advice as soon as possible.  Hacked websites not only prevent potential clients navigating their way around them without problem, but they can also offend your clients with inappropriate material and get your domain blacklisted in the eyes of the search engines – meaning you have no possibility to rank in search results.

 

We offer a range of WordPress support services if you require help. Just contact us for a no obligation chat!

WordPress Security Attacks Dec 2016 And Take-Home Conclusions

WordFence – the WordPress Security company – has released a report of WordPress attacks globally in December 2016 which makes for interesting reading.

Examining the top 25 IP address responsible for attacks on WordPress websites, 80 million originated in Ukraine from four netblock owners:

  • PE Tetyana Mysyk
  • Pp Sks-lugan
  • Kyivstar GSM
  • ISP Datasvit network

24 million originated in France and 18.4 million from Russia.

 

The report splits the data into two types of attack

  • Brute force attack – which tries to guess the WordPress password
  • Complex attack – which tries to exploit a vulnerability in WordPress or associated plugin.

Complex attacks (63 million) were found to be from fewer, most active IPs – a finding the authors accredit to the fact that these are more sophisticated attackers who have the ability to attack vulnerabilities and in huge volume.

During December 2016 there were more than 3 million to 8 million blocked complex attacks per day.

Brute force attacks (67 million) were more common and noticeable from a higher number of IPs, but at a reduced volume – as these attackers are less sophisticated.  Furthermore the brute force attack is likely to be far less successful due to the very nature of the attack.

Towards the end of December 2016, there was a huge peak in blocked brute force attacks, reaching over 45 million in a 48 hour period.

Take-Home Conclusions

What Does This Data Mean For Your WordPress Security?  It re-emphasises the importance of being vigilant about your WordPress security.

Brute force attacks can be blocked by various plugins, such as the WordFence Security plugin and it is essential that you insert one on your website.

If you’re unsure how to add this type of plugin or are concerned by the warning they display before installing, please feel free to contact us for installation assistance.

Since complex attacks are targeted at vulnerabilities in WordPress themes and WordPress plugins, you can reduce the risk of attack by keeping your core WordPress system and plugins up to date.  The data reported showed that all attacks were via publically known vulnerabilities, and many of these plugins dated back to 2012.

Read the full WordFence report here.

If you’re worried about your WordPress security, we offer a FREE security audit which examines, detects and provides a fully detailed report looking at potential vulnerabilities within your WordPress website.

Alternatively contact us to discuss any concerns you have about your WordPress website – we’re sure to be able to help.

WordPress Website Security: 20 Ways To Give Hackers The Runaround

It’s a sad fact that malicious malware and website hacking are an all too common a reality.  Therefore it’s imperative to seriously consider your WordPress website security and take appropriate steps to keep it out of the clutches of hackers.

Our list below outlines 20 easy steps you can take to maintain your WordPress website security at a high level, and give those pesky hackers the runaround!

1. Secure the login page – the standard website login page can easily be reached by adding /wp-admin/ or /wp-login.php to the website URL.  Change this to prevent hackers from finding your login page with ease.

2. Change the admin username – never use “admin” as the username for your main administrator account.  Change it to something which hackers won’t be able to guess.

3. Password control – ensure your passwords are strong by using upper and lower case letters, numbers and special characters. Change them regularly.

4. Use a login captcha – add the captcha function to your login page to prevent robots continually trying to access your website.

 

WordPress website security captcha code

 

5. Set up a lock down feature – use a plugin such as iThemes Security to lock down access after a predetermined number of failed login attempts. The user’s IP address also gets banned.

6. Protect the wp-admin directory – use a password to protect entry to this directory which is at the heart of any WordPress website.

7. Use a SSL (Secure Socket Layer) Certificate – this encrypts data between the browser and website server protecting it from attack by hackers.

8. Manage user accounts carefully – if you grant another user access, ensure that they too have a strong password.  When the user no longer needs access, ensure you deactivate their access.

9. Set appropriate levels of access – any user with admin access to your site can edit files, plugins and themes.  Manage this by giving users the level of access they need.  For example, if a user only requires to edit pages and posts and add new images etc. then they only need “Editor” level permissions, not admin.

10. Use security orientated plugins – eg. Sucuri Scanner and WP Security Audit Log

11. Use only reputable themes and plugins – only ever use themes and plugins from reputable suppliers, and ones which have been recently updated – which indicates they will be optimised as far as possible from malware threats and be compatible with others

12. plugins or themes that you don’t use – if you’re not using them, you’re likely to forget to update them. So best delete them to prevent hacking. This also helps to improve the speed and operation of your site

13. Choose a secure hosting company – opt for the best hosting you can afford, ensuring that the company addresses security vulnerabilities on its own host.

14. Make regular secure backups – ensure your website is fully backed up, so in the event of hacking, you have the backup to revert to.  BackUpBuddy is a great plugin which automatically backs up your site.

15. Monitor for Malware – run regular Sucuri checks (which are free) but bear in mind that, depending on the infection, they don’t always show a problem.

16. Remove any malware as soon as possible – if your site has been infected, you may not be able to remove the malware yourself.  In that instance you will need to pay a WordPress specialist company to fix the problem.

17. Update core system as new versions are released – WordPress versions are regularly updated to fix bugs and prevent vulnerabilities that have been identified in the previous version.  Your dashboard helpfully shows when new versions are available.  However before doing any updates, ensure your site is fully backed up.

18. Update plugins as new versions are released – check for new releases in the plugin section of your website.  Before you update any plugins, ensure they are compatible with the core WordPress version you are using. Also make that all important website backup before you do anything.

19. Accessing your website – when logging in from your computer, ensure your PC is virus-protected by installing antivirus software (eg. AVG, Avira, Comodo).

20. Use some common sense!  Never log into your website on an unsecured network!

We hope you find these 20 tips about WordPress website security useful and that you’ll crack on with implementing them – the sooner you do, the sooner you’ll be giving potential hackers a a much tougher time!

If you need help to maintain your WordPress website security – or indeed have any other WordPress related question – why not drop us a line? We’re sure we’ll be able to help!

Hacked Websites Report Q2 2016 – Is YOUR Website In Capable Hands?

Sucuri has just released its 2016 Q2 report on hacked websites based on the analysis of 9,771 infected websites. And it makes for an interesting read, particularly when you consider their final point:

“There is currently a sharp decline in the knowledge required to have a website, which is breeding the wrong mindset with website owners and service providers alike.”

They’re almost going as far as to say that too many hacked websites are the result of  their owners, webmasters and hosting companies not doing what they should be doing to keep the website secure.

Which is a worrying thought for most people – is YOUR website in capable hands?

 

Let’s look at some of the findings from the Sucuri hacked websites report.

1. Which CMS Platforms Were Most Commonly Affected?

The most common hacked websites were those using WordPress (74%) , Joomla (16%) and Magento (8%). This in part is a reflection of the usage of these different platforms – WordPress absolutely dominates the world of website CMS platforms making up 59% of all CMS, then Joomla 6.2% and Magento at 2.8%* – and the more websites there are using a particularly CMS, the more infected sites there are likely to be.

Indeed Sucuri states early on in the report that the data does not imply that WordPress, Joomla or Magento are more or less secure than other platforms – in most cases, the problems seen were little to do the core system, but far more to do with webmaster and hosting mistakes!

2. In-Date or Out-of-Date Software?

Sucuri reviewed whether the CMS being used was fully up-to-date at the point the website was infected, or not. CMS updates and patches are released regularly to ensure the systems work at a high level of security, but unfortunately many webmasters don’t maintain their sites rigorously, and allow them to become out of date.

And as Sucuri so succinctly says, “With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.”

Of the 9771 websites examined, Sucuri discovered an amazing:

• 55% WordPress sites were out of date
• 86% Joomla sites were out of date
• 96% Magento sites were out of date

making it easy to see a clear relationship between infected Joomla and Magento websites and webmasters who aren’t maintaining their sites properly.

3. Focus on WordPress

As the world’s most popular CMS, the cause of attacks on WordPress websites was examined in greater depth.
Three out-of-date and vulnerable WordPress plugins were responsible for 22% of all the WordPress compromises, and the frequency of each responsible plugin is shown below:

• Revslider (46%)
• TimThumb (27%)
• Gravity Forms (27%)

Since each of these plugins have had fixes available for more than a year (TimThumb since 2011), Gravity Forms (since December 2014) and RevSlider (publically disclosed in September 2014), the fact that 22% of all the infected WordPress websites were still using at least one of these, is of concern.

Sucuri concludes that the WordPress community still faces a challenge in making website owners and webmasters aware of patches and fixes and encouraging them to keep their websites up-to-date and secure.

4. Malware

The most common malware families responsible for the hacked websites were

71% Backdoor (files used to reinfect and retain access)
60% Malware (browser-side code used to create drive by downloads)
38% SPAM-SEO (compromise that targets a website’s SEO)
8% HackTool (exploit or DDOS tools used to attack other sites)
7% Mailer (spam generating tools designed to abuse server resources)
3% Defaced (hacks that leave a website’s homepage unusable and promoting an unrelated subject)
3% Phishing (attackers trick users into sharing sensitive information eg. log in information, credit card data etc)

The worrying thing to note here is that 71% of all infected websites had backdoor attacks which allow the intruders to bypass controls without presenting any external signs of hacking to website visitors. These backdoors are particularly effective as they can’t be detected by most website scanning technologies.

SPAM-SEO hacks were also on the rise – up to 38% in Q2. This is where the sites were infected with spam or redirected web visitors to spam pages such as content about Viagra, casinos, porn etc.

5. Blacklisting

Nobody wants their site to be blacklisted by Google, Norton or McAfee as it can damage the company’s reputation enormously, can adversely affect search rankings and also cause havoc with email systems.
However the research into which infected websites were blacklisted provided some startling statistics: only approximately 18% of the infected websites were blacklisted.

So that means that 82% of the 9,771 websites examined were free to distribute malware!

 

IN CONCLUSION – A large proportion of hacked websites arise simply because the CMS core system, the plugins, the scripts etc have not been kept up-to-date.

Even if a malware attack doesn’t cause your site to crash, there are several reasons your website visitors will flee when your site is hacked.  Furthermore infected sites can get blacklisted by Google – or perhaps even worse – keep on functioning and spreading malware to all your website visitors.

It is impossible to over emphasise how important regular maintenance is to reduce your website’s vulnerabilities and help secure it against attack.

Are you sure that YOUR Website is in capable hands?

See the full Sucuri Hacked Website report here

WP Support Specialists is a global WordPress support business dedicated to WordPress and WordPress alone! We offer emergency support and regular WordPress maintenance packages. If you want to have a no obligation chat about how we can keep your website secure, please get in contact.

* Data taken from W3Techs

10 Foolproof Ways to Improve Your Website Security

According to a recent post by Sucuri, the increased number of tools and applications which enable individuals and companies to set up their own website might be a great thing, but the downfall is that many people don’t know how to make their websites secure – in fact many webmasters aren’t aware of the importance of keeping their website secure.

So what are the top 10 ways all webmasters should be ensuring their website security?

1. Regular Updates

When a new plugin or CMS version becomes available, your site must be updated at once.  Hacking bots are automated and constantly look for vulnerabilities in websites. If you don’t want you website to be hacked, keep it up to date.

2. Password Security

Sucuri notes that many webmasters have passwords that are ridiculously easy to crack using password-cracking programmes.  Any password that contains a real word is more likely to be guessed than a password that is created from a truly random combination of letters, numbers and symbols.

The solution?  Ensure your password is unique, long and complex.

  • Unique – don’t use the same password for different programmes or accounts. If a hacker finds your website password, it shouldn’t give them access to your email or your online banking.
  • Long – at least 12 characters
  • Complex – only a random string of characters will do

Of course it will be almost impossible to remember a complicated, random 12 character password – and Sucuri recommend you use a password manager such as “LastPass” (online) or “KeePass 2″ (offline).

3. One Website per Server

When you have a web hosting plan that enables you to host many websites on one server, it is tempting to do so.  But Sucuri points out that a if a hacker gets access to one of the sites, the infection will spread to the others very easily.  Furthermore, the clean-up operation becomes more complicated as the infected sites keep on reinfecting one another as you try to weed out the virus.

Best security advice?  One website per server.

4. Manage User Access

Invariably you will need to give several users access to your website.  But make sure each has their own user access, with the appropriate minimal level of access that they require to perform their job. This not only reduces the impact of any compromised accounts, it also enables you to monitor what the users are doing when they access your site.

5. Alter Default CMS Settings

When installing your CMS make sure you change the default settings.  This will help protect against attacks which look for the default settings being used.  Even if you didn’t change them during the installation procedure, you can change them at a later date.

6. Choose Extensions Carefully

There are so many extensions and plugins available but you need to choose which you opt for carefully.  Sucuri recommends the following key points to help choose your extensions with security in mind:

  • Download from a legitimate source: many sites offering free extensions which seem too good to be true often are – these extensions are likely to be infected with malware.
  • Check Date of Updates: if the extension hasn’t been updated in over a year, it’s unlikely you’ll get support from the author if there are security issues. Choose an extension that is currently supported by the author.
  • Experience of Developer: an experienced developer is more likely to know about best security practices and will ensure their extensions are safe to maintain their own reputation

7. Backups

It’s not enough to backup your website – you need to make secure backups.  Don’t store your backups on your web server as they often contain unpatched versions of your CMS which can give hackers the server access they want.

8. Server Configuration Files

By accessing your server configuration files, you can set server rules which will improve your website security. Sucuri recommends adding the following rules for your web server as a minimum:

  • Prevent directory browsing – this stops hackers seeing the directory contents on your website
  • Protect sensitive files – you need to put some locations on lock down eg. CMS configuration files (as they contain the database login information) and other administration areas.

9. Use a SSL Certificate

Particularly important for e-commerce websites, the SSL Certificate encrypts data between the browser and website server meaning the data is protected from the Man in the Middle attack.  However Sucuri notes that SSL does not protect your website from hackers, nor does it stop it distributing malware – but it does protect visitor information and ensure you won’t get fined.

10. File Permissioons

There are 3 file permissions available: read, write and execute, and each permission is represented by a number.  On installation, most CMSs have the permissions correctly configured so it’s not something you normally need to worry about.

However there is a lot of bad advice circulating around the internet – if you’re trying to find help about how to fix permission errors, people may advise you to change the file permission to 666, or folder permission to 777 – yes it will fix the errors but this is terrible security advice – these codes leave your site wide open to malware.

Conclusion – webmasters need to be aware that websites are being continually searched by automated bots looking for a way in to cause havoc.  But by following the recommendations from Sucuri, their website security will be dramatically improved.

4 Reasons Your Clients Will Flee When Your Website Is Hacked

If you’re a company owner who takes your website for granted, do you ensure it’s regularly maintained and checked for malware? If not, hackers may have already got in without you even knowing it!  And when hackers get in, they can create havoc – causing you to unintentionally irritate and offend your clients – who won’t remain your clients for long.

Many people believe that when a website is hacked, it’s pretty obvious – it just crashes, right?  Well no  – today hacking is far more sophisticated.  Hackers like to keep well under the radar so they can collect information, install malware and merrily spread infection to other users and servers as far and wide as possible, all the while evading detection.

Here are 4 reasons you’ll lose clients when your website is hacked:

  1. Offensive content is added to your site

As sure as eggs is eggs, when hackers alter your website content, they don’t add images of cute kittens or beautiful scenery – they opt for more unsavoury content.

The result?  Whether your clients realise your site has been hacked or think this is the kind of content you want to share, they won’t be staying around for long, and you certainly won’t have made a good impression.

  1. Visitors are told your site is unsafe

When someone lands on your website they receive a warning message advising them that the site they are about to enter is unsafe and could damage their computer – your website is on a blacklist.

The result?  Clients will quickly close the tab and steer well clear of your website in future.

  1. Clients and many others receive spam emails

Thousands of people may start to receive spam emails from your website when it’s been hacked – even if you’re not aware of it.  If your company hosts websites for others, the problem may even extend to their domains.

The result? Unhappy people who don’t appreciate receiving spam emails from you.  Most will delete your emails – if they get through their spam filters; others may report you as a spammer and after multiple abuse reports, your entire domain is likely to be blocked.  Either way, you shouldn’t expect any of these people to want to become your customer in the future.

  1. Your website is ooooh sooooo slow

As a company owner you probably don’t navigate around your website very often.  But if it has been hacked it may be working very slowly and your customers will be the ones to suffer.

The result? Customers will simply get frustrated by your sluggish website and won’t bother to stay around to learn what your company could offer them.

 

In the above scenarios you may be in blissful ignorance that your website has been hacked and consequently may lose many existing and potential clients in a matter of days.  If you’re lucky, one of your clients will alert you to the problem but really – what does that do for your credibility in their eyes?

It’s far better to maintain your website regularly, with malware monitoring and regular back-ups.  Then in the event your website is hacked the malware can be removed as quickly as possible.

The online world is far too competitive for you to lose clients to your competitors when, with simple website maintenance, the problems could have been avoided in the first place.