Malware lurks on 17.6 million of the world’s websites—and many users have no idea their site is infected.
Among the most obvious signs of malware infections are hosting suspensions, website blacklisting, and redirects to malicious websites. While these examples are simple to spot, other attacks go largely unnoticed—because it’s easy for malware to hide among lines of legitimate code.
Most people know what malware means. Fewer people know what it really is—or how it gets onto their sites.
“How does malware work?” and “Why is malware used?” are all-too-common questions. If we know one thing, it is that a lack of knowledge on the topic causes major problems. According to recent data, it is estimated that 17.6 million of the world’s websites are infected with malware.
Understanding where it comes from and how it works are the first steps to securing your site. So, how does malware work? Here are a few ways it can infect your site:
Cybercrime continues to grow at an alarming rate, and is predicted to cost the world $6 trillion annually by 2021. As a hosting provider, you are not only indirectly responsible for websites targeted by cybercriminals, but your business can also suffer as a result of cyberattacks. If left unchecked, these attacks on websites can drain your internal resources, degrade customer experiences, and ultimately cost you money.
In this post, we will examine website security statistics that impact your hosting business, including those relating to attacks on websites, CMS platform updates, and bot traffic. From there, we’ll examine how you can mitigate these negative experiences and turn them into an opportunity to grow your business.
As the frequency of attacks on websites continues to increase, both your clients and your hosting business are at risk. In fact, an estimated 12.8 million websites are infected with malware right now, based on SiteLock’s analysis of 7 million websites. In addition, the average website experiences 94 attacks each day.
Three trends that are most concerning, as they relate to attacks on websites, for hosting providers are the use of backdoor files, malicious mailer scripts, and the number of sites being blacklisted.
SiteLock’s latest website security statistics also indicated that 65% of these infected sites had at least 1 backdoor file, which grants attackers continued undetected access to website files or databases. This means that even if a hosting provider or website owner removes malware from the infected website, a hacker can infect the site again through the backdoor file.
For the customer, this is a frustrating experience because it appears that their site keeps getting reinfected and the host is not able to resolve the issue. And this situation forces hosting companies to invest more time and resources to field service calls from customers. If you service 1,000 websites, you can expect to spend around 600 hours or about $20K a year on addressing minor security questions. If a larger issue occurs, you’ll likely spend two to three times the money.
A second website security statistic of concern to hosts is 12% of infected websites contain malicious mailer scripts that use client website resources to send out mass amounts of spam email. This increases the chances of your server IP addresses being blacklisted, which can result in your clients’ email being blocked on that server. In addition to triggering a flood of calls from angry customers about their email service, these spam messages also drain your server resources, which can slow client website speeds.
Another website security statistic that impacts hosting providers is the number of websites being blacklisted by search engines. According to SiteLock data, the number of websites blacklisted by search engines is on the decline, which means that your clients can’t rely on search engines to notify them of website infections. That’s because when a client’s website is blacklisted, it won’t show up in search engines. If your customers’ websites are blacklisted, there’s a good chance they will wonder why they’re paying you for hosting when you can’t even ensure their website remains online.
The same CMS platforms that make the development and maintenance of a website
accessible for millions of people also pose a major threat to hosting providers.
Many individuals build and manage their websites with CMS platforms such as WordPress, Joomla! and Drupal because they’re free, easy to use, and highly customizable. However, open source applications require regular core, theme, and plugin updates to remain secure. SiteLock website security statistics revealed that only 68 percent of WordPress sites were running the latest WordPress core version in 2018. This means that one third of all WordPress sites were vulnerable to attack.
While a consistent commitment to website security updates is essential, only 42% of website owners reported updating their applications monthly. This means that hosting providers who don’t monitor client sites to ensure their CMS platforms are up-to-date are more susceptible to frequent attacks on websites, which can damage their reputation.
According to research by StopBadware and Commtouch, 28% of companies whose websites are compromised consider moving to a new provider, which results in a loss of customers and revenue.
Another growing website security issue impacting hosting providers is bot traffic. A bot is an automated program that completes simple, repetitive tasks at super-efficient rates. They fall into two major categories: good bots and bad bots.
Good bots are used by search providers to help with indexing websites, while bad bots are used by cybercriminals to identify websites with security vulnerabilities. They can then exploit these vulnerabilities to launch malware attacks on websites. A SiteLock study of 60,000-plus sites found that each week, more than 141 million visits to these websites were from malicious or suspicious bots. Since bad bots are proliferating rapidly, hosting providers should know how to protect their clients’ sites from them.
The impact bad bots have on you and your clients’ websites are significant, beginning with a drain on resources. Bad bots tax the web server, which can lead to increased bandwidth costs and a performance breakdown on the server.
More than ever, this extra performance matters. If a website loads in five seconds or less, your client’s business will enjoy 70% longer average sessions, and 35% lower bounce rates, according to research by Doubleclick. This means that by protecting your clients websites from bot traffic, you ultimately help ensure their success and satisfaction.
As these website security statistics demonstrate, it’s crucial for hosting companies to take action to protect their clients from cyberattacks.
As the host, clients rely on you to keep their website secure. This is both a serious responsibility and a major growth opportunity.
By partnering with SiteLock, you can tap into this area of growth, while improving client retention, reducing overhead, and setting yourself apart from competitors. And you also send a powerful message that you’re committed to protecting the website security of all your clients. Contact us today to learn more about the potential of partnering with SiteLock.
According to recent data, a whopping 17.6 million of the world’s websites are infected with malware. You may be wondering: How can you tell if you have malware? And once your site is infected, how can malware be removed?
Here, we’ll answer both questions—showing you how to delete malware from your site and defend your digital presence.
Malware is a type of malicious software designed to gain unauthorized access to your website—and attacks are more common than you might think. Malware attacks stem from bots scanning websites for exploitable vulnerabilities. Websites endure an estimated 94 attacks per day averaging out to one attack per 15 minutes. About 12.8 million sites worldwide are infected at any given time.
How to prevent malware from infecting websites built with CMS
Wondering how to prevent malware attacks? The answer depends on how your site is built.
WordPress is the world’s most popular content management system (CMS), powering over 38% of the internet’s websites. Given how easy it is to use, it’s no wonder people love WordPress. Before committing to the CMS to power your own site, you may be asking yourself: “Is WordPress secure?”
Put simply, WordPress is secure right out of the box, but becomes vulnerable to attacks if features like plugins and themes aren’t kept up to date. When determining how to improve WordPress security, here are three factors to consider:
If you’ve landed on this page, you’re likely asking yourself, “Is my WordPress site not secure?” Luckily, we have some tips. When maximizing your WordPress site’s security, updating its themes and plugins is paramount. It shouldn’t be a question of if or when, but how frequently. A regular update schedule can save you from WordPress security issues that may include:
The benefits of a secure website are clear and critical: data breach prevention, business continuity, protection from financial fraud and legal penalties, and the freedom to focus on your core business goals instead of dealing with security headaches.
However, comprehensive business website security solutions also delivers some benefits you might not expect—including some that can help generate substantial business impact.
When securing your WordPress site, prevention is better than a cure. It’s better to build a strong defense against bad actors than undo the damage they cause.
Here are some best practices when determining how to make your WordPress site secure.
Out-of-date plugins are one of the biggest threats to a WordPress site’s security. Even disabled plugins pose a threat if they aren’t updated. When deciding how to secure a WordPress site, update the plugins you’re using and completely remove plugins you aren’t. If you change your mind, plugins can be reinstalled with minimal effort.
WordPress powers 38.8% of the world’s websites. That’s a total of 455 million websites as of 2020—and the number has only continued to grow year-over-year. The statistics may be staggering, but they’re not all that surprising.
WordPress provides a free, open-source platform for website owners and builders alike, offering a range of themes and plugins that make it easy to use and simple to maintain. However, these perks don’t come without weaknesses. The open-source nature of the platform and its many plugin options pose some security risks, ones that many owners fail to account for.
From the top preventative measures, you can take to the best WordPress security plugins you can install, here’s everything you need to know about optimizing the security of your site.
Powered by WordPress & Theme by Anders Norén
