[image error]

Today’s post is a result of several conversations I’ve had over the last few weeks. In fact this topic is one that comes up frequently in my world.

Our topic today is security – website hacking specifically.

Maybe we can be more specific and ask the question: “How likely am I to be hacked?”

In my experience, most of the authors and bloggers I work with focus on their writing. If they work outside of their house, that job is a primary point of attention. Their family is also a primary point of attention. Keeping a website monitored and up to date is near the bottom of the priority list.

I clearly have a different bent than most of the writers I know. However, since I look after around 75 websites, I can tell you with certainty that in my experience, the vast majority of authors don’t give their website as much attention as it should get.

[image error]

In fact, when I sent one author an invoice for the time I had spent keeping her site up to date over the last few months, she replied to let me know that she “just has a little blog.” She “only posts once a month” and “isn’t famous.” She told me that I “don’t really need to spend as much time” on her site.

This is a comment that I get fairly commonly. The thought that only famous people are the target of hacking attempts. This isn’t true, and in today’s post, I’ll try to show you in numbers what I see every day. But first, some facts:

If a hacker wants to get into a site, they will – see recent examples in Sony, Equifax, Yahoo and Target
Most of the daily hacking efforts are carried out by bots – computers programed to carry out certain functions – don’t picture a person hunched over a computer keyboard looking for a target
Hackers take advantage of known or discovered weaknesses in websites
Websites – especially WordPress websites – are much less vulnerable to hacking if their platform programming and plugins are up to date

Let’s go back to the first point – if a hacker wants to get into a site, they will. We can also go back to the thought that most authors aren’t famous and therefore aren’t targets. Generally speaking, the owner of a website isn’t the target, the website itself is the target. It is valuable real estate!

Let’s move on to how websites are hacked.

Brute Force Attack – this is where the hacker attempts to log in – repeatedly. This type of attack is usually carried out by a computer program which will choose common (or known) usernames and either common passwords or password lists obtained from previous hacks. The term “Brute Force” comes from the ferocity of the attempts. Remember, if a computer program is doing this, it can work much faster than a human attempting to use a keyboard.
Exploit a Weakness – this is where the hacker takes advantage of a security weakness in your website – either the core coding, the theme coding or plugin coding – to allow them entrance. Most ethical developers of website products will react to security weaknesses, correct problems and issue a new version. For that reason, we should promptly take advantage of updates that are issued for security reasons.
Attack a Server – this is where the hacker attacks the servers – the places where websites are hosted or stored. Examples are GoDaddy, SiteGround, InMotion Hosting, etc. Most ethical hosting companies will actively protect against hacking attacks of their servers without us being aware anything is happening. However, in some cases, the news picks up and we are made aware of it.

Why are websites hacked?

The next question is “why.” We’ve already covered the “I’m not famous” comment which indicates most people feel they must have something of value to attract hackers to their sites – hence the “famous” comment or the other common comment of “I don’t sell anything from my site.” This assumes that hackers are looking for credit card numbers or something similar of value.

[image error]

The “why” of hacking can range from simply boredom to the ability to spread viruses all over the world. A website can be seen as valuable real estate for a hacker to upload their advertising (think Viagra ads) or malicious coding (think viruses) and use your site as a launching pad of sorts. Your website probably has several gigabytes of storage that you aren’t using and a hacker can use without your notice. This can go on for quite some time, however, your website could be generating a bad reputation in the on-line world and you could find yourself black-listed. Not a position any author wants to find themselves in as that will cause issues with readers finding you and perhaps accessing information about your books.

I’m not like most authors who get caught up into a storyline and lose track of time – I love pouring over tech reports and stats that come across my desk. Most of the websites that I look after have one or more mechanisms in place to protect them. They may have a firewall or cloud protection and many have monitoring that lets me know if something untoward is happening. And because of my tech bent, I’m aware of certain security threats out there and am actively working to be proactive. This is not a perfect solution.

Although there are exceptions, in my experience, sites that are hacked are not kept up to date and are not looked at regularly.

I know I do better with graphics and indications of numbers and sources of threats, so I screen-shotted a small collection of numbers from reports I get from the sites I look after. These screen shots show the numbers of countries or IP addresses blocked (which occurs after more than one attempt to get into a site). Here is a selection:

Two easy take-aways:

The attacks are not only coming from Russia and China
The attack numbers vary widely from day to day and in many cases are quite large.

Lesson learned:

Keep your site’s theme, coding and plugins up to date, or pay someone to do it for you. In today’s world, we need to be proactive about guarding our security – especially when it comes to our on-line reputation as authors – or as a business.

If you are looking to learn more, you can check out the articles here, here or here.

***

Hope you learned lots today and will actively keep your site up to date. If this is something you want me to take care of for you, it is a service I provide and I’d be happy to talk to you about it.

If you found this information helpful, be sure to share with your friends using the little share buttons below. If you are interested in having weekly blog posts delivered to your inbox, but sure to join the 8,000+ folks who have done just that. Look over to the right –> and you’ll find a subscription signup box.

As for work on the book front – I’m in the process of creating a number of workbooks that will be helpful to those of you who like jotting down notes as you learn. More on that soon!

The post I’m not famous – I won’t be hacked…I hope…understanding website hacking for beginners appeared first on Bakerview Consulting.