A website attack can be a heartbreaking experience. Your site may be vandalized and your hard work could be destroyed. You may even lose visitors or revenue, and it’s more likely to happen than you might think, as websites receive up to 50 attacks per day on average.
Cybercrime is a big business and cybercriminals are actively looking to cash in, no matter the website’s size or purpose. Cyberattacks are usually caused by malware, which is software created for malicious purposes. Malware can:
- Slow or crash your website
- Steal data or traffic
- Steal sensitive customer information, such as credit card info or phone numbers
- Cause your website to be removed from search engine results
Malware isn’t just damaging to your website – it can also be excessively expensive. Website downtime costs an average of $427 per minute, and that can quickly add up to a devastating amount for small businesses and bloggers.
You can help your business thrive by protecting your website from today’s sophisticated cyberthreats. Despite the alarming stats above, you may still be asking a lot of questions: Do I really need website security? Is it worth the money?
We know you might be skeptical, so we’re here to help. Below are answers to some frequently asked questions and concerns we hear at SiteLock that will help you understand the importance of website security.
Q: Who is SiteLock?
SiteLock was founded in 2008 with one mission: to protect every website on the internet. With our fast, affordable website security solutions, we find, fix, and protect against malware and other cyberattacks that threaten websites and businesses every day.
Q: What is website security?
Website security gives you the power to protect your website and visitors from dangerous cyberthreats. Some of the tools you can use include:
- Website scanning. A website scanner can check for and alert you to malware and vulnerabilities. SiteLock offers the only website scanners in the industry that can automatically remove malware and patch vulnerabilities.
- A web application firewall (WAF). A WAF prevents cybercriminals and malicious traffic from entering your site.
Q: I thought my hosting provider protects my site. Why should I pay for website security when I already pay for hosting?
Your hosting provider protects the server your website is hosted on, whereas SiteLock protects your website within that server. You can think of the server as an apartment building, and your website like an apartment. The building itself is protected by on-site security, but each tenant must secure their own apartment.
SiteLock partners with hundreds of hosting providers to help protect the websites they host from cyberthreats. As part of this partnership, your web host may provide you with a complimentary SiteLock website scanner designed to find malware and vulnerabilities.
As for the price, a cyberattack costs the average small business $427 per minute of downtime. It can also cost you visitors: 65% of customers who have their information stolen by a compromised website won’t return to that site. However, it only costs SiteLock customers an average of $1-2 per day to protect their websites. By investing in website security, you could prevent much larger losses to your business.
Q: Will switching to another host fix my website security issues?
Hosting providers protect the server space your website is on, not your individual website. They may offer additional security products that help protect your site. However, changing hosts will not address the vulnerabilities on your site that allowed threats to enter in the first place.
Q: Doesn’t the scanner I have already protect my website?
If your host partners with SiteLock, you are likely provided with a complimentary SiteLock scanner. This scanner monitors your website for malware on a daily basis and will alert you if there is an infection. However, in order to remove the infection, you will need to remove it manually, purchase a one-time clean, or upgrade to a more sophisticated SiteLock scanner that will remove known malware automatically. Any malware that the scanner cannot remove will be handled personally by the SiteLock Expert Services team of engineers.
Q: What if I don’t sell anything on my website? Do I still need to protect it?
Even if you don’t run an eCommerce business, you’ll still want to protect your website. Cybercriminals are also interested in other assets, data, and resources besides payment information and social security numbers. These include:
- Email addresses. The email list you’ve worked so hard to build could be a target for phishers and scammers.
- Your website’s traffic. A type of malware called a redirect could automatically send visitors from your website to a malicious website.
- Your keyword rankings. SEO spam is a type of attack that injects spammy keywords and links into your website. These keywords and links tell Google what your website should rank for in search results. SEO spam forces your website to show up in results for unrelated keywords, while you won’t show up in searches for terms related to your business.
- Your visitors’ attention. Defacements, a type of attack that vandalizes your site, are often executed with the intent to push a political or religious agenda.
Additionally, you might have to rebuild some or all of your website from scratch if you don’t have a clean, recent backup to restore your site. It’s just easier to prevent cyberattacks in the first place!
Q: I’ve never been hacked/I haven’t been hacked in years. Is website security necessary?
Think of website security as insurance for your website. An incident may not have happened yet, but you’ll be glad to have it if the worst happens.
Recent data shows that cybercriminals prefer types of malware that discreetly enter a site and stay hidden. Depending on the type of malware, your website might be infected and you may not realize it. Backdoors are a common and stealthy type of malware that cybercriminals can use to enter and re-enter a website at any time. In Q1 2018, 44 percent of infected sites were found to have at least one backdoor file.
Cybercriminals are generally more successful if their attacks go unnoticed, so they often work under the radar to take advantage of a website. Once they secretly enter your website, they can access your data, steal traffic, deploy phishing schemes, and more. Over 15 percent of malware attacks in Q4 2017 sought to exploit visitors for these resources.
Q: Why would hackers target me? My website isn’t popular.
No website is too small or too unknown to be hacked. Generally, cybercriminals don’t have a specific website in mind when they carry out an attack. They can use programs to automatically seek out websites with vulnerabilities that can be used as points of entry to execute an attack.
Vulnerabilities in your website can be dangerous because you may not know about them. Your host will inform you when your website has malware, but they probably won’t inform you if you have vulnerabilities. Comprehensive website scanners look for vulnerabilities in addition to malware.
Q: My developer takes care of the maintenance of my site. Why would I need website security if I am already paying someone to maintain my site?
It’s great if your developer is able to find and remove malware on your site. However, this can be time-consuming and difficult to do with accuracy. Data shows that 1 million new malware threats are created every day, and recent types are sneakier and more difficult to detect. In fact, malware that is disguised, randomly generated, and difficult to detect made up 44 percent of malware found in Q3 2017. A website scanner supported by a database that is updated daily with new malware threats will protect your website with greater accuracy in less time.
Q: Won’t I see or notice the malware on my website?
When you think of a compromised website, you might picture a site that has had its appearance changed, perhaps with a shocking political or ideological message. This type of attack is called a defacement, and since it’s easy to spot, it’s commonly associated with compromised websites.
Defacements are indeed common, having made up 18 percent of malware files in Q1 2018. However, data shows that malware specializing in discreetly entering a site and staying hidden is on the rise. Backdoor files used to control or gain consistent access to websites infected 44 percent of websites in Q1 2018. With a backdoor attack, your website might be infected and you may not realize it.
Some types of malware do show symptoms, however. These may include:
- Spammy links appearing on the site
- New pages or files created on the site without your knowledge
- URLs on your site redirecting to other malicious websites
Q: Don’t search engines tell me when I have malware?
While search engines do flag some websites for being unsafe, they only flag 17 percent of websites infected with malware. That means search engines don’t provide any warning to 83 percent of websites infected with malware. A search engine only finds malware on sites as fast as it crawls them. How often a search engine crawls a site depends on a variety of factors, which means it could be hours or weeks before your site is crawled and an infection is found. By the time Google alerts you, the damage has already been done.
The easiest and most reliable way to protect your website from the latest malware threats is to implement a website scanner, like SiteLock SMART, that can find and remove website malware automatically.
When choosing a website scanner, you’ll want to look for:
- The ability to remove known malware automatically.
- A cloud-based malware scanner, which will scan your website without impacting its performance or taking it offline.
Q: I am not really using my site right now. How could I get hacked?
A website is still vulnerable to attack even if you’re not using it. In fact, if you’re not maintaining your website, it could be even more open to attack for the following reasons:
- Outdated Plugins. Outdated plugins may contain unpatched security issues, which occur either because the patches were never downloaded, or never created by the developer in the first place. In fact, 44 percent of plugins in the WordPress repository have not been updated in over a year. When left unpatched, these issues may cause vulnerabilities.
- Outdated CMS. Over half (52 percent) of infected WordPress websites were not running the latest security patches for WordPress core at time of compromise.
Q: If I get hacked, can’t I just upload the backup of my site?
Restoring your site from a backup can help in the event of a defacement or other attack that makes changes to your website. However, depending on when your backups were created, it’s possible they will also be infected with malware. Additionally, it is important to address the vulnerability that allowed attackers to access the site.
For more about the threats most likely to harm your website, check out our blog on the most common types of cyberattacks.
If you’re ready to protect your hard work now and into the future, give the SiteLock security experts a call at 855.378.6200. They’ll recommend the best products for your website’s needs, and they’re available anytime 24/7.