Watch Out for Web Server Hacking
- Peter Just
- October 26, 2016
Sure, leaked emails are in the news. But your email isn’t the only thing you have to worry about getting hacked. Your website could be vulnerable, too. And a website hack could create havoc.
- Strange email behavior
- Mysterious content popping up on your website
- New administrative users
- Google alerts
If you’re running your website on WordPress, you should be especially worried. In fact, WordPress has issued five security releases this year (so far). We’ve read reports of hackers “leveraging yet another WordPress core file to insert malicious code on hacked websites and redirect traffic to malicious sites.” Not exactly what you (or your members) want to find amid your resource library.
WordPress may be an easy target, but it’s not alone. Website hackers want your web traffic, they want your server power, and they want your transactional data. Take, for example, this new trick to “hijack” websites, even secure ones: hackers abuse web proxy information to monitor—and steal information from—your secure web traffic. Having your website hacked just to muck up your brand is one thing, but when your secure transactions are vulnerable, you’re in serious danger.
What would you do, for example, if your online bookstore were exposed to such a hack? We know of at least one association that fell victim to this exact scenario—credit and debit card numbers, expiration dates, security codes, and cardholder names were compromised.
How to prevent a cyberattack on your association website
Discuss these precautions with your IT team and website host (if you use a third party). Chances are, you can’t make your website or web server impenetrable, but you shouldn’t surf along idly, either.
- Inventory and monitor all your web servers and microsites
- Keep your software up to date
- Restrict IP access
- Enable two-factor authentication
- Check access permissions—internal and external
- Check for use of default passwords, then change them
- Build a firewall
- Monitor server performance
- Conduct penetration testing
Website hackers take advantage of complacency, commonalities, and casual errors. Don’t shortcut your website and web server security. Learn what to ask your IT team to keep your digital investments safe in our free eBook, The Cybersecurity Watchlist for Association and Nonprofit Executives.