Image Credit: www.elbpresse.de
A client asked me recently why anyone would want to attack his “little website”. Most attacks aren’t personal: they are typically not after your website but after the computing power of the server your site is hosted on. The usual motivation behind these attacks is sadly the most common of all: profit and greed. The majority of hacking attempts are automated. Other hacked websites run code that automatically tries to hack yours if it is vulnerable.
Everyone is at risk and needs to take steps to secure their websites and online accounts. A strong password is an important part of a strong defense. Last week in the Wall Street Journal, the president implored Americans to go beyond simple passwords and start using two-factor authentication or cell-phone sign-in. I also suggest using a strong and reliable password manager like LastPass or 1Password. Nothing online is 100% secure, but users can help keep their accounts and websites secure by using strong passwords and changing them several times a year.
If your website is running on WordPress, you will find the following information, released today by Wordfence, of interest. One of the things they monitor is the number of brute force attacks on WordPress sites. Brute force attacks are password-guessing attacks, where an attacker tries to sign in as you by guessing your password. Over a 16-hour window, they gathered information on brute force attacks on sites using their services. In this blog post, Wordfence says:
“We saw a total of 6,611,909 attacks targeting 72,532 individual websites. We saw attacks during this time from 8,941 unique IP addresses and the average number of attacks per victim website was 6.26.”
Be proactive and build a strong defense. Use strong passwords, and change them frequently (see this article on the risks of re-using passwords). Consider using two-factor authentication; see here for a list of sites that support it. The Google Authenticator app can be used to secure more than just your Google account.
If you have a WordPress site, there are several other steps you can take to make your site more secure. Contact me for information on my Security Audit and Lockdown service.