I’ve gained a new SuperPower – I can see hackers attempting to break into websites. No I wasn’t bitten by a radioactive spider or zapped by an alien – all I had to do was install the WordFence plugin for WordPress.

…and now that I see the enormous amount of hacker activity, it’s frightening!

WordFence has revealed that my client’s sites are being peppered almost continuously from would-be hackers across the globe, and the chances are, so is your website.

Here’s just a couple of the hack strategies being used to break into sites based on the Wordfence firewall reporting:

Brute force attacks

Attempts to guess a userid and password and log into the site. Some hackers have managed to lock onto a login ID’s and now are trying 1,000’s of different password combinations to break into the site.

The lesson here is to:

  • Ensure you are using secure passwords
  • Give users the minimal level of permission needed
  • Remove unused user IDs

Trolling for known exploits

I can see hackers also probing sites for ‘known exploits’ such as the Revolution slider exploit which very publically brought Mossack Fonsec’s tax avoidance business to its knees Read more here

The lesson here is to:

  • Keep plugins, core software & themes up to date

Keep in mind that this activity is not from a person furiously typing at their keyboard, but from 100’s or even 1000’s of disassociated people who purchased and are operating hacking software. The software runs day and night, loaded with all known exploits – once it breaks into your site, who know what will happen.

Other hacker entry points

The frightening adjunct to this story is that WordFence can only sees the ‘public facing’ hack attacks to your website. As previously reported hackers are also targeting other entry points such as your web hosting account eg smtp (email) ssh (host console) and more.

If your web host is not actively managing the security of these systems your business web site is at risk of being hacked/vandalised/defaced or worse, visitors to your site unknowingly getting a computer virus infection.

Concerned? Call me.

If this is a concern for your business contact me to discuss our WebSite Concierge service.