We have previously emphasised the importance of securing your WordPress site by keeping it up to date. Of course, there’s much more to keeping your site secure, which we will cover in due course. This time, however, we’ll dive deeper into why website security is so crucial by exploring exactly what could go wrong if malicious actors gain access to your site.
Types of attack
First of all, let’s look at some of the most common categories of hacks:
Spam links
One of the simplest reasons for hacking a website is to insert links that point to other sites. These links may aim to drive more traffic to another site (e.g., one that sells products) or improve another site’s search engine rankings (a significant factor search engines consider is how many reputable sites link to it). Alternatively, they might direct people to other, more malicious sites, covered in more detail below.
Phishing pages
A slightly more complex attack is to set up entirely new pages on your site designed to capture people’s confidential information. These pages are designed to look like another site, such as a bank, in order to trick people into entering their personal login details, which are then collected and used for identity fraud or straightforward theft.
Data collection
Rather than setting up phishing pages to trick people, a hacker might gain access to a site to collect data from legitimate visitors. This could involve accessing data stored on the site (e.g., personal details) or adding code to “listen in” on information entered into the site, including payment information, even if your website never stores that data.
Malware
Another common reason for hacking a site is to force it to host malware in order to try to get it installed on visitors’ computers. This can be done by adding or modifying links that point to malicious files to trick people into downloading them, or by running a script that automatically downloads the files once someone visits the page.
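The following is an added example, not part of the original article: one way a site owner could audit a page's HTML for the changes described under spam links, data collection and malware, by listing every link or script that points to a host outside an allowlist or to an executable file. The domain names, the allowlist, the sample HTML and the extension list are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed list of extensions treated as directly installable programs.
RISKY_EXTENSIONS = (".exe", ".msi", ".scr", ".bat", ".apk", ".dmg")
# Constructed sample page: two legitimate links, three injected items, one mailto.
SAMPLE_HTML = """
<p><a href="/about/">Our story</a> <a href="https://partner.example.org/">Partner</a></p>
<p><a href="https://pills.example.net/cheap">great offers</a></p>
<p><a href="/wp-content/uploads/2024/viewer.exe">Download viewer</a></p>
<script src="https://cdn.example.org/collect.js"></script>
<a href="mailto:hello@charity.example">Email us</a>
"""

class OutboundRefs(HTMLParser):
    """Collect every URL the page links to or loads a script from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []  # (kind, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.refs.append(("link", urljoin(self.page_url, attrs["href"])))
        elif tag == "script" and attrs.get("src"):
            self.refs.append(("script", urljoin(self.page_url, attrs["src"])))

def audit_page(html, page_url, allowed_hosts):
    """Return (kind, url, reasons) for each reference that needs a human look."""
    parser = OutboundRefs(page_url)
    parser.feed(html)
    trusted = set(allowed_hosts) | {urlparse(page_url).hostname}
    findings = []
    for kind, url in parser.refs:
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are not web destinations
        reasons = []
        if parsed.hostname not in trusted:
            reasons.append("unlisted host")
        if parsed.path.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("executable download")
        if reasons:
            findings.append((kind, url, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, "https://charity.example/donate/", {"partner.example.org"}):
        print(finding)
```

A finding is a prompt for review rather than proof of compromise: a legitimate new link shows up the same way until its host is added to the allowlist.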
Spam email
Hackers will also use compromised sites to send out spam emails. By sending these emails from various legitimate sites, hackers can avoid many email filters set up to catch spam.
Downtime
Finally, the goal of compromising a site may simply be to bring the site down so that legitimate visitors are unable to access it. While most hacks indiscriminately attack any website, downtime usually targets a specific site. This could be in retaliation for something the organisation said or did that the hackers disagreed with or because they fundamentally oppose the organisation’s mission. It might also be done for financial gain, blackmailing the website owner into paying to have their site restored.
The consequences of being hacked
Some of the above hacks have an obvious immediate impact on your site’s visitors. They may be unable to access your site, click on links that lead them somewhere unexpected, have their computers infected with malware, or have their personal data compromised.
Other hacks, like sending spam emails, may not directly affect your visitors since these background processes are invisible.
However, all of these attacks can have catastrophic impacts on your organisation. Depending on the nature and severity of the breach, you could face any number of significant consequences, including:
- A fall in search engine rankings
- Your site and/or email address ending up on block lists
- Immediate loss of income (e.g. if people are unable to donate)
- Long-lasting damage to your reputation
- Legal repercussions (especially if you didn’t take reasonable steps to keep the site secure)
All these consequences can affect your ability to fulfil your core mission and, in the worst case, lead to your organisation no longer being able to function. Minimising your risk profile is therefore an essential part of being a not-for-profit online. If you’re not sure where to start, please contact us for assistance.