This Site May Be Hacked
“This Site May Be Hacked” are words no webmaster or SEO manager wants to hear. As if a breach to an enterprise’s website (and the financial cost and public relations fallout associated with it) is not bad enough, a website hacked with malware or spam can cause an entity’s organic search engine rankings to take a nosedive. As one of the objectives of an effective SEO plan is to obtain and then maintain a presence on the first page of a web search query, compromised websites that feature viral links to a hacker’s site, or hacks that result in the quarantining of a website, can have a devastating effect on an enterprise’s SEO.
To understand how hacking can damage an enterprise’s SEO efforts, it is helpful to first understand what a website hack is, and how it most commonly occurs. Simply put, unauthorized hacking is defined as obtaining access to a website or computer network without the permission of its owner. Illegal hacks are typically initiated for the purpose of accessing protected information, or for using a legitimate website as a conduit to redirect users to a hacker’s website. The two primary tools used by hackers to compromise a website are malware and spam.
Malicious software, or malware, is designed to damage, disable, or otherwise grant an unauthorized user access to a computer, system, or network. Malware is most often used to covertly siphon sensitive information, resulting in a data breach. The ramifications of a malware hack on an enterprise’s website can be serious and far reaching.
Illegal hackers are computer programmers or engineers who use their knowledge of software and operating systems for nefarious purposes rather than for good. These hackers dissect computer programs to identify vulnerabilities within existing software, and then create a new program (malware) with the sole purpose of exploiting those weaknesses. A hacker will distribute this malicious software across the internet, where it will automatically search the web for sites using the vulnerable software. If a site is running the targeted software, the site is attacked by the malware, which discreetly embeds itself into the operating code, giving the hacker access to the system. With control of the system, the hacker has the potential to harvest sensitive data critical to an enterprise’s operations, or to begin spamming from website.
Website spamming occurs when a hacker inserts hypertext on a webpage that, when selected by a site user, links to the hacker’s desired destination. Embedding spammy links on highly trafficked websites to redirect users to a hacker’s site increases the hacker’s search engine rankings, without having to do the honest, expensive, and time-consuming work of marketing and brand-building. Essentially, website spammers are the bad guys who use the good guy’s hard-earned SEO rankings and positive reputation to shortcut the system as a way to increase the perceived value of their own site, while diminishing the ranking value of the guy who has played fair.
Consequences of a hacked website
At the end of the day, whether a website has been hijacked by malware, spam, or a combination of both, the results are never good. If a malware infection targets data base files containing the personal or financial information of the enterprise or its clients, the resulting security breach can be devastating. Spammers that leech traffic and customers from a legitimate website can exact a high cost on an entity’s search rankings, which in turn means fewer organic visitors to a site, potentially reducing revenue for an enterprise.
Google and other major search engines construct algorithms to automatically recognize sites infected with malware. While this proactive approach to identifying viral websites is great for the search engine user, the result for an unwitting entity whose site has been hacked is that the search engine will quarantine a website that the algorithm deems as compromised. Quarantined websites come with a warning to search engine users to avoid clicking-through to the blacklisted site, as it contains content from a known malware distributor. As a result of the malware infection warnings, blacklisted websites are estimated to see a drop in traffic on the order of 95%.
Malware infections can not only be time consuming to repair, but can also prove very costly to an enterprise, in ways both tangible and intangible. Each day that a website is quarantined or offline in order to trace and remove malware, translates to another day of losses for the enterprise with respect to customers, revenue, and the public’s trust. Further delays can occur after malware and spammy links have been cleaned from a site. Search engines must verify that a website is no longer compromised before rescinding its quarantine status, a process which can take up to a couple of weeks depending on the size and complexity of the website in question.
Prevention is the best medicine
Benjamin Franklin is attributed with saying, “An ounce of prevention is worth a pound of cure.” And while the quotable Mr. Franklin never knew of websites, hackers, malware, or spam, his idiom on the importance of being proactive can certainly be applied to the digital age. So, what is the formula for preventing a website hack from occurring in the first place?
UPDATES + BACKUPS + MONITORING = SECURITY
Running outdated software is consistently the number one reason that website hacks occur. Hackers focus on creating malware that will hit the greatest possible number of targets. Further, hackers are keenly aware that human nature is such that installing software updates tends to be a low priority for most people. If a hacker writes malware or spam code for a popular software to exploit a fault that an update is designed to fix, a hacker will gain access to countless computers, due simply to the statistically high number of users that fail to install updates in a timely manner.
Consider the example of WordPress. WordPress is an open-source software that is widely used for building websites. Its popularity is attributable to its stability, reliability, and ease of use. WordPress aggressively tests its software for vulnerabilities, and regularly releases updates to repair for shortcomings. But because WordPress is open-source, these faults become public knowledge when updates are released. Playing to the human propensity to procrastinate, hackers will then design attacks that target the core software loopholes that the updates are designed to repair. When an enterprise that is running WordPress is lax in installing updates, they are as good as hacked.
Not unlike installing software updates, creating backups on a regular basis is another mundane but important task that is too often overlooked. In the same way that is it important to backup one’s local, desktop files, creating a periodic backup of a website is of equal urgency. For websites using WordPress, backups are made easy with plugins that work with major cloud-based storage services. Key to having a clean, securely stored copy of a website is to ensure that backups are regular, automatic, stored off-site (not on the same server as the operating version of the website), and redundant (multiple copies maintained simultaneously).
While the importance of installing updates and running regularly scheduled backups for a website cannot be understated, it remains essential to supplement updates and backups with real-time monitoring of website activity. Investing in a reputable and reliable monitoring service that will watch website traffic, recognize questionable activity, and proactively repair issues before they become real problems represents resources well spent.
At times, it can seem as if hackers have the upper hand in the never ending struggle to protect and maintain the integrity of one’s website. Having a knowledgeable IT team to skillfully manage your enterprise’s website is the essential component for both protecting your website, as well as utilizing it as the tool that it is to maximize the exposure of your entity, increase the value of your brand, and grow your enterprise.
CourseVector is a web design, SEO, and hosting company that addresses all the pieces of the web marketing puzzle. With an experienced staff that has been designing, creating, and fixing websites since 1989, CourseVector brings a wealth of internet knowledge and experience to bear on the operation of a successful website. CourseVector takes the time to get to know you, your entity, and your enterprise’s needs and goals, and then works within your budget to create, implement, and service your website, balancing the requirements of security with the goals of effective SEO.
CourseVector can design a website from scratch or convert a non-WordPress website into one that uses the WordPress Content Management System. CourseVector hosting services focus on proactive website management and security, providing essential and timely software, and security updates and backups that are supplemented with 24/7 monitoring.
If your enterprise is struggling with how to maximize its online presence, CourseVector has an impressive SEO track record. Rather than pursuing a quick-fix path that falls short of producing effective SEO results, CourseVector focuses on long-term web marketing strategies that return real SEO improvements that are maintained over time.
Whether your enterprise has a website or needs one, if your website has been hacked or your finding it hard to keep pace with site security demands, or if you are new to SEO or have an SEO program that is not returning results, CourseVector is ready to help. Contact CourseVector for a complimentary SEO Marketing Analysis, and see the difference a website that is designed, hosted, and optimized by CourseVector can make for your enterprise.