
How Do Websites Get Hacked?

Wordpress Security Management

Google blacklists around 10,000 websites every day for being hacked, removing these sites from their search results. But why? Because these sites are now set up to download malware to visitor computers, exposing them and the things they then access online to countless problems.

The Truth About How Websites Get Hacked

Website security boils down to how the site is managed! If you let a website sit without proper security support then its odds of being hacked are multiplied. In fact, security is necessary with any software online and what follows will serve as necessary information for why WordPress outperforms all other website solutions! When it comes to security concerns with WordPress, the issue is more upstart website solution companies trying to discredit it as a competitive tactic than any weakness. WordPress is, after all, the dominant market share solution for business websites, making it the target.


Why is WordPress the website solution leader, ‘open source’ or proprietary?

To start, it is without rival for choice of sophisticated theme (= design) or plugin application (= functionality) choices. WordPress, due to its unified worldwide support, also identifies vulnerability to hack faster than any other solution ever has or could. Versus proprietary content management (CMS) solutions, ‘the power of many’ vested interests proves to be better, faster! And unlike proprietary solutions that prioritize their own business first, WordPress allows a marketer to OWN its website and accumulated digital web footprint. A marketer is never trapped and can move her website from host to host whenever needed.

Month over month WordPress creators (i.e. plugin application, website theme and core WP code) deploy updates, which may include new features or security updates AND so it requires some management. Often that’s a simple click of a button, but in some circumstances help is necessary. If so, there is never a lack of WordPress support and a timely manageable fix! Themes and plugin applications should be researched, for instance via the WordPress Codex and Envato marketplace. Both offer in-depth reviews, commentary and vetting for a ‘best case scenario’ when searching any business website requirement. Needless to say, Kinetic Knowledge supports general management, development, design and website security for hacked WordPress website owners.

On WordPress Security: Matt Mullenweg, co-creator of WordPress

“As the most widely used CMS ( Content Management System ) in the world, many people use and deploy the open source version of WordPress ( WordPress.org ) in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.”

How To Avoid Being Hacked

At least for WordPress users, which is the lion’s share of business websites on the World Wide Web today, management should understand this ever-emerging threat of hacks including:

  • responsible local computer use, so the PC itself doesn’t become the vulnerability;
  • sincere respect for protecting usernames & passwords: build passwords from non-dictionary words and include a combination of lowercase & capital letters, numbers and/or symbols;
  • knowledge for what different host & service packages do and do NOT offer; cheap shared plans won’t support much; whereas, a good managed host plan may;
  • prioritized attention for WordPress upgrade(s) execution;
  • (equally) prioritized attention for plugin application and theme upgrades;
  • a VERY conservative approach for what 3rd party applications are allowed into the website, DO NOT just load up every cool thing that comes down the pike;
  • protective software like, for instance WordFence, that protects in real-time by blocking identified attacker IP addresses from WP websites all over the world;
  • protective software that perpetually scans for Malware, Viruses and security vulnerabilities; that also helps to remove it and a reliable firewall AND THEN FINALLY
  • .htaccess protection to lock out any outside access to particular files in the website’s database.

As mentioned above, we support hacked WordPress website owners

Website Hack Types

Sometimes the result of a website hack is:

  1. the site is taken over and used to promote drugs, porn’ or other things via ;
  2. the site’s host is used to generate email SPAM which also typically gets the domain blacklisted;
  3. a page that has subtle maybe hidden links placed, links no one would knowingly add in their own pages, AND
  4. worst case – the website is used to load malware on to all visitor computers.

Hacked Website Warnings By Google

Even more troubling for business owners, when Google (because it crawls all websites) identifies a hacked site its Chrome browser will discourage anyone from visiting it with big red warning signs. “This site may download malware to your PC, advance at your own risk!” is basically the message. Even worse, Google shares their ‘hacked website list’ with most other browsers too, so no one should expect to slide by with the folks coming in from Safari or Firefox either. And truthfully, thank goodness for Google’s efforts … or we’d all be in a lot of trouble.

Kinetic Knowledge offers WordPress Host Management services that can help service & protect against these very issues.

Revolution Slider: Widely Used WordPress Slider Plugin Application Hacked!

The Revolution Slider application for WordPress was temporarily unsafe a few years back and rumored to have allowed over 100,000 websites to be hacked. While it was fixed and the upgrades were released rapidly, people should know that its upgrade management in most cases did not come rapidly if at all … AND THAT WAS USER ERROR! WordPress was not the problem, and while the plugin was a temporary problem, the longer term problem is the site owner that fails to seek out WordPress support that manages updating. Anything less than thorough software management nowadays is a big potential problem.

NOTE: The web and its great tools are advancing with or without us! And folks, typical “shared host plans” DO NOT update or manage your website software! $10- $25 a month likely doesn’t cover that kind of support.

We Support Hacked WordPress Websites – Business Website Hacked | Business Website Cleaned

While we see it quite often nowadays, more recently a company approached us about their (GoDaddy shared host plan) WordPress website. They were in a state of emergency because the site had been hacked! And to add insult to injury, Chrome (Google’s browser) was warning all visitors to avoid their malware-infested site … OR risk personal harm. A little looking around showed the website was a year or two behind on its core WordPress updates, including updates to a particular plugin known to have a massive vulnerability (i.e. Revolution Slider). The site’s management had been poor and, as a result, it had been identified as vulnerable, hacked and loaded up with malware!

The addition of malware detection software, a series of WordPress & WordPress plugin upgrades, the removal & replacement of the before-mentioned slider application and then a series of scan projects allowed for this website to be rid of its malware. The site was then both submitted to and accepted by Google in good standing, which happened quickly. And for this company, it was a temporary traffic & sales death penalty, not to mention a completely nerve-racking experience.

Believe it or not, it happens every single day. Microsoft, Twitter, Facebook, Drupal, NBC … the list goes on … have all been hacked! Unfortunately, it may be happening to you right now and you just don’t know it yet. These hackers deploy bots to crawl the web and look for vulnerabilities in website, database or application(s) code that allows for invasion with their malicious code. All day long these nefarious bots crawl the world wide web and search for these vulnerable websites. When, for instance, a vulnerable application is identified they pounce… so unless you wish to manage it, best to look for Specialized WordPress Management Host Services.

Website Contact Form Email Not Arriving In Inbox?

Website Contact Form Use And Settings

 

When a website contact form is filled & submitted, that submission’s information is emailed to the address assigned in the form’s settings. And while email is convenient for busy people, there is always another reliable option: a website owner can login and review contact form submission messages in the website dashboard. For that option go to ‘Forms’ then to ‘Entries’ and all submission messages will be listed in reverse chronological order; however and with email being the preferred option, there is a common situation where something about the incoming email trips up email host spam & blocking filters. So let’s look at why and how to deal with it.

 

What To Do When Email Notifications Fail To Arrive In Inboxes


What should a business do if it is not receiving contact form email in a specific inbox?

1. First, check Spam folders in case messages are being routed there. Like it or not, we have to own our spam files day to day.

1. a) If good messages are in a spam folder then mark as “Not Spam” using whatever option the email provider offers in order to prevent form entries from landing there again.

2. If the emails are NOT in Spam, then login to the website and check to be certain the correct receive-email address is assigned in the form settings. Often, in the heat of design and development, an address is set up based upon logic at the time. In many cases, that email address later proves to be wrong for this purpose.

2. a) Also double-check the “Email to” field to be certain it’s entered correctly. If not then correct, reset the app and test!

3. Because the issue may lie with the email host’s definition of spam and/or its spam blocking setup, a business may want to have the form set up to email multiple addresses. If so, be sure to separate each address with a comma.

3. a) Once multiple addresses are set up, test the form and check all email inboxes. If any receive an email it proves the contact form application works and the email host is the issue. 99% of the time we find this is the case because the apps work – it’s the email host’s random definition of spam that is the issue.

4. Regardless of all the above, it is always proactive to have the email inbox host whitelist both a) the website host IP address and b) the website/server/contact form host email address.

Delivering contact form email can be tricky and there are situations where incoming email is blocked by its host. Worse, the email host is less than cooperative in troubleshooting the issue. If contact form email notification messages do not arrive in the Inbox of choice or its Spam folder and the email host claims the website form application is at fault, well then a logical course of action may be to switch email hosts. If so, we recommend Gmail; preferably Google Apps class Gmail.

How Important is SSL To Your Business?

It Has Become An ‘SSL World Wide Web’!

So, how important is SSL (SSL/ HTTPS defined) to your business? Back in 2014 Google announced that SSL, or HTTPS rather than HTTP in your page URLs, would be used as a ranking signal. And the truth is it likely represents one lower weighted signal (Google uses up to 200 depending on how competitive a subject is) that has just a little effect on SEO. For those of us ‘splitting SEO hairs’ every single signal matters, but in fact activating HTTPS will hardly change keyword rankings.

HOWEVER BE TOLD, SSL matters a great deal to business!

secured by SSL = HTTPS

 

Protects People When Browsing Websites Online

Rankings explained, a business owner must be concerned with online user experience. Prospective buyers must not only feel safe when visiting a website and exchanging information, but when they are buying products or services. Several browsers NOW show visitors an ‘ i ‘ or a ‘not secure’ message when your website does NOT have an SSL certificate and/or an HTTPS connection. It’s discouraging to them to see these warnings, at best.

After all, gaining the trust of visitors who may become future customers is everything. If they do not become immediate buyers, just their visit time, their sharing to social networks and/or even their linking to pages from their own websites are all important SEO signals!


Google Has Become Adamant About Being SSL!

Come July 2018, Google Chrome, which is the world’s most popular web browser, will start marking ALL websites as ‘ i ‘ insecure if they are not HTTPS. So it’s inevitable that we are going to be in an all SSL = HTTPS world wide web soon.

And so, it is incredibly important that websites make the switch to HTTPS. The process of setting up an SSL can be confusing and even frustrating, so let us know if you have any questions and/or need assistance.

 

RELATED INFORMATION POST

THE 4 AREAS OF SECURITY YOU MUST MANAGE!

Own Your Domain!

Domains (= URLs) Are Valuable Business Assets


We see a lot of confusion over domains and how to manage them, including not managing them at all. Often business owners either don’t know where they have registered their domain(s) or worse have asked someone else to buy them. In some cases the affiliated email records are set up for the same domain making matters (potentially) even more difficult. 
Domains are such valuable business assets that we felt compelled to offer support, so folks understand a little bit more about their domains. In our view and no matter what, you want to be in control of these important business assets. If you allow anyone else to control or own your domain, well then it is NOT really yours … is it?
 
To begin to understand it really starts with the fact there is a universally accepted need for web standards and organization. Without standards nothing could ever be done safely or efficiently. So here are a series of definitions to help with any confusion you may have about your domain, which obviously relates to what you do online:


Domain Definitions List

 
Domain Name
Domains are names associated with a particular IP (i.e. Internet Protocol) address, and that translates to a unique sequence of numbers. To make a physical parallel think of it like this: there’s only one location for 100 Main St. in any given town and one person owns it. On the Internet the domain name kineticknowledge.com might translate to a unique number sequence like 123.123.123.3 AND only we own it. That number is inaccurate, by the way, but the point is … to a browser kineticknowledge.com looks like a unique set of numbers.
 
Domain Registrar
Domain registrars are companies authorized to sell domain names available for registration, or better yet … not yet owned by anyone else. GoDaddy & Network Solutions are well known registrars. They also sell domain hosting services to support websites, email and text.
 
Domain Host
GoDaddy & Network Solutions are also domain hosts, meaning they run DNS servers for the organization of registered domain(s). These DNS servers also support a domain owner’s ability to manage different records affiliated with their domains. For instance a domain name record is an ‘A Record’; for subdomains a CNAME Record; for email an MX Record and even for text there’s a TXT Record. They will also host your website and email for a fee.
 
DNS
DNS stands for Domain Name System. This ‘system’ is set up to safely organize domains. It’s kind of like the phone book of the web where, when you look for a NAME, that system identifies and then translates it to a ‘number sequence’ you can call. With the help of registrars, the DNS translates a URL or web address (i.e. https://kineticknowledge.com ) to the affiliated IP address, which is also a sequence of numbers (i.e. 123.123.123.3). 
 
MX Records
Your URL or web address can be used for email (i.e. support@kineticknowledge.com). MX (i.e. Mail Exchange) records are DNS settings associated with a domain in order to direct its mail to servers hosting a user’s mail accounts.
 
And then while we’re at it …
 
 
Internet
It’s a network of interconnected computers. Computers worldwide!
 
Web
It’s an Internet application that supports getting people to websites. 
 
Browser
Is an application for retrieving & presenting specific web pages. 
 
Search Engines
They constantly crawl and consume all the information on web pages they possibly can, in order to prepare an updated index for when people search. The goal is to help people reach the current information that exists on web pages, as accurately & efficiently as is possible.