Wordpress is a hacker target

How safe is your WordPress site?

Long live WordPress… as long as you don’t get hacked.

A huge proportion of contemporary websites are built using WordPress, but unfortunately it is a ‘soft target’ for hackers. Your WordPress website’s security relies on:

  • The security efforts of your web server ‘neighbours’
  • The weakest login to your site
  • and more

WordPress is ‘easy’ so we get complacent.

Website owners tend to get complacent, or are just too damn busy ‘doing the doing’ to be distracted by geeky stuff like website updates, backups and site security… WordPress reinforces this view too, because it just keeps on running…

Web Builders not Website Maintainers

The other thing I note is that the majority of web developers tend to be ‘Website Builders’ rather than ‘Website Maintainers’, beyond occasional design or content updates. WordPress needs much more maintenance attention than older ‘flat HTML’ websites.

Your Web Host is not a Website Maintainer either

The typical web hosting business is focussed on their infrastructure of web servers and internet connections and likely see WordPress as a problem child because it:

  • Uses considerably more server resource than flat HTML sites
  • Is a potential hacker entry point to their servers

WordPress website owners become a headache for web hosts because they need more sophisticated technical support. Even restoring WordPress from backup is much more complex (i.e. time consuming) than a flat HTML site, and not something a web host can afford to resource within their modest hosting fee.

Let’s look at some facts about your WordPress site’s exposure to hackers:

The hack attacks you don’t know about

Unfortunately your site doesn’t tell you it’s being attacked. Many of the hacked websites I’ve been asked to fix were hacked for days and even weeks before the business owner realised. It’s not a good look when your clients have to tell you your site is hacked.

But it is possible to see if your site is being ‘probed’ by hacking software looking for ‘exploits’.

We use a sophisticated firewall in our Website Concierge hosting which dynamically blocks any suspicious activity. If the ‘bad behaviour’ recurs we permanently block the IP. This chart shows the blocks applied by our firewall in the last 12 months. Feb 2015 is looking to be a boomer month with 680+ permanent firewall blocks (that’s over 22 hacker blocks per day).

Firewall blocks Feb 2015

Where are the hackers from?

As we reported in Sept 2013, the vast majority of hackers we see are still from China (by an order of magnitude). Surprising but true.

firewall blocks by country

Server hack types?

This chart shows the nature of server hack attempts, which reveals some interesting if not frightening information.

  • LF_SSHD (yellow): The majority of hack attempts probe the web server’s Secure Shell (SSH) service.
    A successful attempt would enable the hacker to take over the web server and destroy not only your website but all other sites on the same server. Website Concierge servers have this service disabled because of the significant risk.
  • LF_SMTPAUTH (green): Hackers are trying to gain access to the email server. That’s right – access to email accounts can be a valuable resource for hackers.
  • LF_FTP (pink): Hackers attempt to access your website via FTP to gain control of it and make any changes they want.

firewall blocks by medium

Brute Force Login attempts

In addition to server ‘back door’ hack attempts, hacking software can attempt to break into your WordPress site through the ‘front door’ – your website login screens. Here the hacker’s software will cycle through user ID and password combinations to attempt to gain an illicit login.

Admin brute force attempt
The Simple History WordPress plugin enables you to conveniently see these hack attempts. In this example, the hack software made nearly 37,000 attempts to log in as ‘Admin’ – persistent, isn’t it? As a basic security process we delete the default WordPress administrator account ‘admin’ for Website Concierge sites.

Do you have the ‘admin’ ID active in your WordPress site? I’d suggest you should remove it!

simple history admin

FYI www.ip2nation.com says this hack attempt was from the Netherlands.

Smarter brute force attempt
This hack attempt was slightly smarter, as it first uncovered a real login name for the site, then tried 263 times to log in.

Simple History Brute Force attempts

FYI www.ip2nation.com says this hack attempt was from Canada.
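The two patterns just described, a spray against the default ‘admin’ account and a smarter attempt against a real username, can be told apart automatically from the failed-login records. This is an added example, not code from the original post or from the Simple History plugin; the site’s user list and the failure records in it are constructed, and `classify_sources` and `has_default_admin` are names chosen here.

```python
"""Classify failed WordPress login activity per source IP.

Added example. The failure records and the site user list below are
constructed; in practice they would come from an audit plugin such as
Simple History or from the web server's wp-login.php POST log.
"""
from collections import defaultdict

# Constructed: usernames that actually exist on the site (no default 'admin').
SITE_USERS = {"jsmith", "editor_kate"}

# Constructed failed-login records as (source_ip, username_tried).
FAILED_LOGINS = (
    [("198.51.100.9", "admin")] * 120      # brute force against the default account
    + [("203.0.113.5", "jsmith")] * 12     # targeted at a username that exists
    + [("192.0.2.20", "jsmith")]           # a single typo by a genuine user
)

def has_default_admin(site_users):
    """True if the default 'admin' account is still present (case-insensitive)."""
    return any(u.lower() == "admin" for u in site_users)

def classify_sources(failed_logins, site_users, threshold=10):
    """Return {ip: (attempts, usernames_tried, verdict)} for every source IP.

    verdict:
      'noise'                  below threshold, e.g. a genuine user mistyping
      'targeted-real-user'     repeated failures against a username that exists
      'default-admin-spray'    repeated failures against 'admin' only (account absent)
      'unknown-user-guessing'  repeated failures against other non-existent names
    """
    attempts = defaultdict(int)
    names = defaultdict(set)
    for ip, user in failed_logins:
        attempts[ip] += 1
        names[ip].add(user)
    existing = {u.lower() for u in site_users}
    result = {}
    for ip, n in attempts.items():
        tried = {u.lower() for u in names[ip]}
        if n < threshold:
            verdict = "noise"
        elif tried & existing:
            verdict = "targeted-real-user"
        elif tried == {"admin"}:
            verdict = "default-admin-spray"
        else:
            verdict = "unknown-user-guessing"
        result[ip] = (n, sorted(names[ip]), verdict)
    return result

if __name__ == "__main__":
    print("default admin present:", has_default_admin(SITE_USERS))
    for ip, (n, users, verdict) in classify_sources(FAILED_LOGINS, SITE_USERS).items():
        print(f"{ip}: {n} failures, usernames {users} -> {verdict}")
```

If ‘admin’ were still a real account, the same 120 failures would be classed as ‘targeted-real-user’, which is exactly what deleting the default account removes from the picture.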

Security depends on the weakest password

The weakest point of defence against a brute force attack is the easiest password to guess, so are you managing the password strength in your site? There are some excellent password strength WordPress plugins.

Takeaways

OK, so maybe there’s more hacking activity than you might have guessed. What should you do so you can get back to ‘doing the doing’ without spending too much money?

  1. Get some secure hosting
    Cheap hosting is cheap for a reason. You might also end up with website ‘neighbours’ who aren’t as interested in website security as you. In fact you won’t even know who they are…
  2. Invest in some good quality WordPress support
  3. Use a professional ‘website maintainer’ to ensure your WordPress site is:
    1. Backed up
    2. Updated regularly
    3. Protected by security strategies that are implemented and monitored

Diagnosing poor website performance

Why should your website load quickly?

  • A slow website can impact your Google rankings.
  • A website that is down is also at risk of losing rankings.
  • Visitors get sick of waiting for pages to load, so they abandon you and go to your competitors.

All very good reasons to have a site that loads consistently fast.

If you think your business website is displaying sluggishly, here are a few tips on how to diagnose it:

Slow at times

Your web servers might be overloaded at peak times during the day, typically around 10am and 12 midday, but this is specific to your industry. Servers can also bog down when they are running backups. Backups are necessary, but not if they lose you sales!

Slow Pages

Just a few pages slow? Check for over-sized images on the page, or services loaded on that page that may be dependent on other sites – e.g. a social media plugin.

Generally just slow

If your site seems slow across all pages, check it using a performance tool. We use GT Metrix website performance testing as it provides a detailed breakdown of page load related issues. Here are a couple of examples of the Performance Summary from GT Metrix:

GT Metrix website Performance Summary

Unfortunately rectifying some performance issues can be very technical indeed. If the issues are buried inside your website’s CMS then there will be little you can do about it. Contact us if you encounter an issue you can’t resolve.

Coding Bugs

There is a double SEO whammy if your site has coding errors.

  1. Google considers defects as a poor user experience and there is a real risk of you losing some ranking as a result.
  2. Often coding defects cause the page to take longer to load.

Cheap hosting costs you more than you think!

Be aware that some Content Management Systems (CMS) need more than just your cheap or average web hosting package to perform well.

Providers of low cost hosting work on a commercial model of having lots of sites all on the one server – a thousand sites on one server is not uncommon in these situations. While these hosting packages might be OK for a flat HTML site, when loaded with multiple WordPress sites there’s a problem, especially at peak times, which is when you need your site operating snappily to generate sales or sales leads.

The performance problems also stem from the increased use of CMS based websites (WordPress is now used in 21.8% of sites), so even your flat HTML site might be impacted because of all your CMS neighbours on your shared web server – this will degrade its overall performance considerably.

You might pay tens of times over in lost sales for the few dollars you save on cheap hosting…

Find out:

Some of this information was sourced from Zoho Site24x7 website monitoring service which we use for Website Concierge Business and Premium websites’ performance and outages alerts.

A speedier site generates more leads, especially from mobiles

WordPress and other CMS make it easy to churn out a good looking site – but at what price?

The website load chart below is a case in point. Last Saturday I invested time to tune this puppy to pull it back from up to 20 secs (14 secs average) page load to under six secs (2.9 average).
Sure, there were some images that needed to be optimised, but I also added gzip compression, addressed a couple of 404 errors, etc.
Quite a bit of work, but the end result is plain to see in this page load chart:

Speeding up your Website

BTW this chart and the corresponding page load waterfall (not shown here) are from Zoho’s fabulous website performance and availability reporting service Site 24×7.

The site’s home page loads 14 secs faster.
That’s got to be good for visiting sales prospects and I’d expect a drop in bounce rate as a result.

Mobile visitors like slimmer sites?
What these stats comparing before and after the tune-up show is that mobile users got more engaged with the site:
double the pages per visit and a massive 500% increase in visit duration, up from a miserable 27 secs to 2 min 43 secs average.

mobile vs desktop

Are your Web Server ‘neighbours’ costing you sales leads?

McAfee Blocked access to this IP address

Warning Warning Will Robinson…

Twice in recent months I’ve run into issues with my McAfee Internet Security firewall software blocking sites it says are dangerous. Don’t get me wrong – I really appreciate it, because I spend a lot of time online and don’t have time or patience to be wrangling with a website Trojan or other nasty goings-on in the site.
McAfee throws up this message (IP blurred to protect the innocent):

Goodbye prospective clients

Now I ask you, would you buy anything from a site with this type of warning, or contact them to provide services for you? I don’t think so! All the fabulous SEO work or online advertising in the world is not going to convince me to go into that site – along with hundreds of other formerly prospective clients as well…

It’s not actually infected

Guess what? The worst news is that this site isn’t infected… The web host techos dutifully scanned the site, announced they ‘could not find an infection’ and bounced it back saying ‘not our problem’!

We dig deeper…

After snuffling around we discovered and pieced these facts together:

  1. McAfee records the naughty IP address, not the web address or URL, as the ‘risky connection’.
  2. This website shared its IP address with 666 websites
    That number is correct, folks (the Devil’s number): six hundred and sixty-six websites on the same IP.
    With bargain basement web hosting services I guess it’s necessary to scale up like this to recoup investment.
    It’s like everything; you get what you pay for.
  3. I jumped onto a Reverse IP Tools website which listed the plethora of websites (some with URLs that I wouldn’t speak out loud in mixed company…)
    Any one of these sites could be the offender that McAfee had detected.

The Bottom Line

Here’s the thing.
You can’t normally* control who your web hosting neighbours are, but be assured that if the neighbourhood goes downhill there’s a good chance your website will go with it.
On a side note

  • McAfee have chosen not to remove the block for this IP
    The site continues to see no prospects using McAfee (and possibly others too)
  • The web host won’t budge – they don’t see a problem with the website. All care, no responsibility.

Here’s a Solution

* Sorry – I can’t help myself
Succinct Ideas’ Premium Web Hosting Service is designed to specifically prevent this type of website neighbourhood style site contamination.

  • We have a deliberately limited number of sites per server and per IP address, for both performance and security reasons
  • We closely scrutinise and monitor all sites
  • We proactively apply updates to minimise the risk of exploit hacking
  • We employ an Active Firewall to kick out port scanning and brute force login attacks

Are most hackers from China?

Our Premium Web Hosting service includes an active firewall. Not only does it do a great job of preventing hackers from compromising your website, it also captures data about them, which provides a rare insight into website hackers in the wild, so I thought I’d share some details with you:

Most hackers come from China

Sorry to my good friends over there, but the numbers of smart firewall blocks by country is hugely stacked against visitors from Chinese IP addresses.
Here’s a table of country codes to help you decipher it further.

I’m surprised the numbers are disproportionately high, and my apologies go out to Russians, who I have previously condemned…
Maybe Chinese IP addresses are easier to spoof… or the IP geo mapping is wrong… If you have a theory on why there are so many Chinese blocks I’d love to hear your thoughts…

Blocked visitors by country code

SSH is the most popular form of attack

This pie chart shows the distribution of attack ‘triggers’, i.e. the type of attack that triggers our smart firewall to say Whoa! to the visitor and block them.

My apologies that this is not clear, but it does provide good information.

LF_SSH refers to Login Failures via SSH
Secure Shell, abbreviated to SSH, is used to run ‘old world’ computer screens, typically on Unix systems.
SSH provides primitive albeit direct and powerful access to the web server. Gaining access to your hosting package via SSH would almost certainly result in your website being compromised, and probably all other sites on the same web server. Most mere mortals would never even consider using SSH, but clearly it’s popular with website hackers 😉

PS_Limit is the number of times a site was port scanned
Port scanning is the process of scanning a server’s ports to find an exploitable entry point. It is a tedious process, so port scanning is likely to be performed using specially designed software.
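Both the block types listed under ‘Server hack types?’ earlier on this page and the triggers in this pie chart come from the same kind of firewall log line. The following is an added example, not the firewall’s own code: it parses constructed lines in the csf/lfd log style (an assumed shape), counts blocks by trigger and by country, and picks out IPs that recur, which is the ‘bad behaviour recurs’ rule for a permanent block. `parse_block` and `summarise` are names chosen here.

```python
"""Summarise lfd-style firewall block lines by trigger, country and repeat offender.

Added example. The line shape is the assumed csf/lfd style; the records in
SAMPLE_LOG are constructed, not real firewall output.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Feb  3 01:12:07 web1 lfd[2101]: (sshd) Failed SSH login from 203.0.113.10 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Feb  3 01:15:42 web1 lfd[2101]: (smtpauth) Failed SMTP AUTH login from 198.51.100.7 (RU/Russia/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SMTPAUTH]
Feb  3 02:03:19 web1 lfd[2101]: (ftpd) Failed FTP login from 203.0.113.11 (CN/China/-): 10 in the last 3600 secs - *Blocked in csf* [LF_FTPD]
Feb  3 02:40:55 web1 lfd[2101]: *Port Scan* detected from 192.0.2.44 (US/United States/-). 11 hits in the last 300 secs - *Blocked in csf* [PS_LIMIT]
Feb  3 03:11:30 web1 lfd[2101]: (sshd) Failed SSH login from 203.0.113.12 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Feb  3 03:30:01 web1 lfd[2101]: (sshd) Failed SSH login from 203.0.113.10 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Feb  3 03:31:09 web1 lfd[2101]: Some unrelated lfd message without a block
"""

BLOCK_RE = re.compile(
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "         # source address
    r"\((?P<cc>[A-Z]{2}|-)/[^)]*\)"                  # (CC/Country/host)
    r".*\*Blocked in csf\* \[(?P<trigger>[A-Z0-9_]+)\]$"  # the trigger name
)

def parse_block(line):
    """Return (ip, country_code, trigger) for a block line, or None for other lines."""
    m = BLOCK_RE.search(line.rstrip())
    if not m:
        return None
    return m.group("ip"), m.group("cc"), m.group("trigger")

def summarise(log_text, permanent_after=2):
    """Count blocks by trigger and by country; list IPs blocked repeatedly.

    An IP seen `permanent_after` or more times is a permanent-block candidate.
    """
    by_trigger, by_country, per_ip = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_block(line)
        if rec is None:
            continue                       # not a block event, skip it
        ip, cc, trigger = rec
        by_trigger[trigger] += 1
        by_country[cc] += 1
        per_ip[ip] += 1
    repeat = sorted(ip for ip, n in per_ip.items() if n >= permanent_after)
    return by_trigger, by_country, repeat

if __name__ == "__main__":
    triggers, countries, repeat = summarise(SAMPLE_LOG)
    print("by trigger:", dict(triggers.most_common()))
    print("by country:", dict(countries.most_common()))
    print("permanent block candidates:", repeat)
```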

Blocked visitors by attack type

Page load performance is really about Time to First Byte (TTFB)

Google has inferred that page load performance has an impact on ranking, i.e. a faster website gets better ranking, but what’s fast, and how is page load performance measured?

This excellent MOZ article by Mark from Zoompf details a study that provides answers to these questions.

There are some surprising results (like why high performance hosting is really important) and even more surprising non-results – it’s all about Time to First Byte (TTFB).
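To see what TTFB measures as distinct from total page load, here is an added example (not from the MOZ study or the original post) that times a fetch against a throwaway local HTTP server which sleeps before sending its first byte; the server, its 0.3 second delay, the 200,000 byte body and the function names are all assumptions of this example.

```python
"""Measure connect time, time to first byte (TTFB) and full load against a local test server.

Added example: a throwaway HTTP server on 127.0.0.1 sleeps before sending its
headers, standing in for slow server-side work such as a heavy CMS page build.
"""
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

class SlowHandler(BaseHTTPRequestHandler):
    server_delay = 0.3    # assumed seconds of 'backend work' before the first byte
    body_size = 200_000   # assumed response size in bytes

    def do_GET(self):
        time.sleep(self.server_delay)        # nothing has reached the client yet
        body = b"x" * self.body_size
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):            # keep the demo quiet
        pass

def measure(host, port, path="/"):
    """Fetch one URL over a raw socket and return timings in seconds."""
    start = time.perf_counter()
    sock = socket.create_connection((host, port), timeout=10)
    connect = time.perf_counter() - start
    sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
    first = sock.recv(1)                     # blocks until the first byte arrives
    ttfb = time.perf_counter() - start
    received = len(first)
    while chunk := sock.recv(65536):         # HTTP/1.0: server closes when done
        received += len(chunk)
    full = time.perf_counter() - start
    sock.close()
    return {"connect": connect, "ttfb": ttfb, "full": full, "bytes": received}

def run_demo(server_delay=0.3):
    """Start the slow server on an ephemeral port, measure it, shut it down."""
    SlowHandler.server_delay = server_delay
    server = HTTPServer(("127.0.0.1", 0), SlowHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return measure("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    t = run_demo()
    print(f"connect {t['connect']:.3f}s  TTFB {t['ttfb']:.3f}s  full {t['full']:.3f}s  ({t['bytes']} bytes)")
```

The gap between connect and TTFB is the server’s own work, which is what a hosting upgrade changes; the gap between TTFB and full is transfer time, which image optimisation and gzip compression change.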

Time to First Byte has a measurable impact on ranking in this study

If you are interested in getting more sales leads from your website, it’s certainly worth a read…

Why good Web Hosting is critical for your business

Website hosting is the space on the internet where your website exists. Until recently website hosting was considered a commodity service because it’s cheap and easy to provide. But things have changed, and now the $ you save on cheap hosting could cost you $$$ in sales leads. That’s why we have introduced a Premium Web Hosting Service for our clients.

Business critical

Your website is your virtual showroom. It’s well accepted that the internet is now a key sales channel for business. When your website is down, your virtual sales showroom is closed, so there are no sales leads. As many businesses have discovered, cheap web hosting can cost your business many times over in lost sales from website downtime and poor performance.

Hacker Risk Reduction

Website hacking has dramatically increased, and managing your site’s exposure to this online vandalism is critical. Mainstream hosts have hundreds of websites on the same server, with no control over site quality. This increases your site’s exposure to hackers, who gain entry via a poorly managed site on the server and then compromise yours. We tightly manage the number and quality of co-located websites, reducing your website’s exposure to hackers.

Disaster Recovery

In the worst possible scenario we are able to restore your website from a history of backups, and if the entire server fails we can restore to another virtual server within hours, not days.

Performance matters

Slow sites = lost sales

When surfing the ’net we tend to dismiss slow sites. They are a pain to use and we ‘bounce’ out of them, often missing better products or pricing.

Google doesn’t like slow either

Google recognises this, and now penalises poorly performing websites by pushing them down the search results and out of sight of prospective clients.

Modern sites need more grunt

Modern website systems like WordPress are becoming very popular as they are easy to use and provide a great library of functionality for your site. Unfortunately these systems can be resource hungry and will slow a web server down, particularly if that server is already heavily loaded with multiple websites. Our servers are based on brand new, high performance, purpose built server systems. We proactively manage the number and quality of co-located websites and monitor performance to ensure your website enjoys a genuinely premium web hosting service.