No matter whether you run a personal blog or a professional website, you will find yourself at some stage, the victim of a cyber attack. These cyber attacks, often referred to incorrectly in the mainstream media as “hacking” can take a variety of forms including:
- DDOS – distributed denial of service attacks engage networks of computers to bombard your server with requests
- Brute force attacks – where the attacker attempts to guess your login details usually using an automated system that can send hundreds if not thousands of requests very quickly
- Malware / spyware – where a piece of malicious code is inserted into your system which allows another person (or a program) to take over your computer
- Ransomware – where a small program activates on your computer, encrypting all your data requiring the payment of ransom before you are sent a key to unlock your own machine.
Despite the relative openness and transparency on the web, few people or firms openly talk about cyber attack. This means it is difficult to gauge just how widespread these cyber attacks actually are and whether we should be personally or professionally concerned about this phenomenon.
Now, each month, creator of the WordPress firewall plugin, WordFence, have begun producing a regular report on cyber attacks. This report collates attack information based on the plugin’s install base (WordPress powered websites and blogs all around the world). And while this is just a subset of websites and platforms that live on the internet, it provides a great insight into cyber attacks, including:
- The IP address from which the attack originated
- Country of origination
- Number of attacks launched
- Types of attacks.
This first report reveals that 13 out of the top 25 IP addresses originate in the Ukraine. France comes in second with 7. As the report explains:Most of these originate from Iliad Enterprises. Iliad is a large organization with many subsidiaries and over 4000 employees. They tried to buy T-Mobile in the USA 2 years ago. The netblock for these IPs is registered to Iliad, but the attacks may originate from one of many subsidiaries of Iliad, like the ISP ‘Free’ in France.
So, how many attacks are we seeing? The report states that there were:
- 63 million complex attacks – attempts to exploit weaknesses in your website code, plugins or database
- 67 million brute force attacks – attempts to guess your passwords and user IDs.
What can you do about your WordPress / web security?
One of the biggest holes in your website / WordPress security will be patches. Make sure you are:
- Regularly patching your site – updating it with the latest changes
- Regularly updating your plugins – turn off the plugins and functionality that you don’t use, and update the ones you do.
There are also some basic security approaches that you should implement, including:
- Complex user passwords – require that your users all have complex passwords that consist of upper and lower case characters, numbers and symbols and have a substantial length (more than 8 characters)
- Put in place a mechanism that blocks users after a small number of unsuccessful login attempts
- Add a web firewall to monitor and protect your code from unauthorised updates.
Why should you care?
Even if you are running a small business, cyber security is an issue for you and your brand. Sites that are affected by malware, for example, will find themselves blacklisted by Google. That means that every time someone searches for your business or tries to visit your webpage, Google will step in and ask you whether you want to proceed to an “insecure” website. And then, of course, there are other issues – from loss of files, customer data and more.
Quite simply, these days, brands simply cannot afford to be lax. The good thing is, that there are a growing number of integrated solutions and plugins for most platforms. Take the time to secure your site and hopefully you won’t have to make the time to clean up a problem down the track.