(
EMAILWIRE.COM, April 23, 2014 ) Melbourne, Australia -- While the HeartBleed security issue has hit the news, there is an equally dangerous problem that is quietly causing havoc online. As many as 74% of
WordPress web sites, which means around 15% of all web sites online, are vulnerable to
hackers. And when a web site is hacked, the details stored on it are exposed.
WordPress is the most popular Content Management System on the Internet today. The free software, with which around 20% of all new web sites are built, is comparatively easy to use, and so is widely used by small businesses for blog sites, information sites and eCommerce (shopping cart) sites.
According to WordPress security expert Christine F. Abela, from HackAttacker.com, there are
7 simple checks that all WordPress site owners need to do on their site to help secure it from hackers. Once these 7 basic steps are taken, a web site will be much less vulnerable, and a casual opportunistic hacker is more likely to simply ignore it and move on to the next site.
Failure to carry out these steps can result in a hacker taking control of the site. This can lead to theft of information stored in the site. Or it can mean the injection of programming code to send out spam emails or do other unsociable activities in the business' name. Or it can be the classic "hack" screen in which the site seen by the public is nothing like the business' own site.
Any of these are extremely embarrassing for the business, as it shows they don't care enough about their online security to take the basic steps to protect their site. But unfortunately, Abela says, around 74% of all WordPress sites online don't take these steps.
But the problem goes a long way beyond embarrassment. Having a customer's details compromised can leave the business owner open to law suits. And often cleaning up a hack can take hours or days, and cost thousands of dollars.
"Cleaning up a hacked site is a specialist job," says Abela. "It is not the sort of thing you can simply ask your resident teenager to do, as you can with so many tech jobs. It requires someone who has done it before, and who is experienced with cleaning up databases, emails and viruses."
But prevention is much better than cure, and Abela recommends business owners to take a look at the 7 Basic Security Checks on her web site HackAttacker.com.
"The 7 Basic Security Checks are generally things that the business owner can do themselves, or the person who set up the web site can do. My site not only tells you what to look out for, but also how to fix them. But if you don't have someone to do these checks for you, I will do it for you for free. This doesn't include fixing the site up, but at least you will know how whether your site is among the 74% of sites that are easy to hack", says Abela.
The number of WordPress sites being created is estimated to be around 100,000 a day. Which means that, if 74% are easily hacked, there are about 74,000 new web sites ready for hackers every day. By carrying out the 7 basic security steps, Abela says, a business can make sure the hackers simply ignore their site and move on to one that is more easily hacked.
HackAttacker.com also offers more a comprehensive checklist, as well as a done-for-you service that carries out up to
33 security tweaks that are designed to make a site more secure than 95% of WordPress sites online.
"Only the top sites are this secure. Nothing is going to guarantee a site won't be hacked, but since most hackers are simply small-time opportunists looking to break into sites for a thrill, a site in the top 5% security-wise would only be hacked by someone very professional who is specifically targeting that site. Which is unlikely for most small businesses", says Abela.
With over 35 years' experience as a programmer, Abela is well-qualified to detect and
fix programming hacks. "I have seen, and fixed, a lot of hacked sites over the years," she says. "There are simple situations where someone has broken in and changed the admin password, so they can come back later to cause mischief. Or one a few years ago where a hacker broke into a series of shopping cart sites and changed the PayPal email address to theirs, so they would get the money from sales. And numerous situations where a hacker has injected code so they can use the client's hosting account to send out spam emails."
The best advice Abela has for all web site owners, whether they run a WordPress site or not, is to do frequent backups of their site. This can usually be arranged through the web hosting company. And also, she says, check the site often for signs of a security breach. If a backup from before the breach is available, the web hosting company should be able to restore the backup.
However, if there is no backup available from before the hack, or if the site has had important data updates (such as customer orders) since the last backup, cleaning up the hack is the only option. And that, says Abela, is where a professional who knows what they are doing is needed.
About Hack Attacker:
Christine F. Abela has been programming for 35 years, and building web sites for 15 years. She has detected and fixed a huge number of hacks in WordPress sites and other sites, and says "it takes a programmer to fix a programming hack". She is now offering a service to WordPress site owners to help secure their sites against the most common form of hacks, thus saving business owners a lot of time, money and embarrassment.
Christine F. Abela can be contacted via HackAttacker.com
Christine F. Abela
(858) 480 5067
geckogully@gmail.comSource:
EmailWire.Com![]()
