Contact
Free web scan
Sitelock Blog

Website Popularity Can Result In More Cyberattacks

Today, over 760,000 websites are breached each year. However, only 6 percent of website owners use proactive website monitoring for suspicious activity, while 84 percent don’t find out about cyberattacks until after they’ve been compromised.

Posted in Cyber Attacks and SiteLock Research
October 12, 20164 min read

The problem at hand is, website owners might not be aware of all potential security risks when it comes to their websites. For example, the more complex and feature-rich a website is, the more likely it is to be compromised. In this blog we compare celebrities to websites to help illustrate the correlation between website popularity and an increased likelihood of cyberattacks.

Comparing Celebrities to Websites

Celebrities want popularity. The more popular they are, the more money and fame they have. Much like celebrities, you want your business to be as popular as possible, so you add features to create a highly interactive and engaging website. But is being popular always a good thing?

Celebrities use social media, personal websites, custom apps and emojis to interact and engage with their fans. But even fame has its drawbacks. The paparazzi are constantly trying to catch celebrities in a compromised state.

Similar to celebrities, you aim to increase your website’s popularity and traffic by adding features like, social media icons, SEO plugins, SEM tools, and website analytics. But even the most popular websites fall short. The features that add complexity to your website could inadvertently be increasing your likelihood of a cyberattack.

What is Your Website’s Likelihood of Being Compromised by Cybercriminals?

Your website is 1.5 times more likely to be compromised than the average website if…

  • Your website is powered by WordPress
  • Your website links to your Facebook and Twitter accounts
  • Your website links to your Twitter account and you have 100-500 Twitter followers
  • Your website has 1-5 plugins

Your website is 2 times more likely to be compromised than the average website if…

  • Your website is powered by Drupal
  • Your website links to your Twitter account and you have 500-10,000 Twitter followers
  • Your website has 10-20 plugins

Your website is 2.5 times more likely to be compromised than the average website if…

  • You use Google AdSense
  • Your website links to your Twitter, Facebook and LinkedIn accounts
  • Your website links to your Twitter account and you have 10,000-20,000 Twitter followers

Your website is 3 times more likely to be compromised than the average website if…

  • Your website is powered by Joomla
  • Your website has 20 or more plugins

Cybercriminals Are Just Like The Paparazzi

You can think of cybercriminals as the paparazzi, in which you constantly need to defend against malware, vulnerabilities and other cyber threats. Like the paparazzi, cybercriminals will disguise themselves and follow you.

How Do Cybercriminals Compromise My Website?

More than 88% of malware is found within the first 25 pages of a website. Below are some examples of the most common types of malware cybercriminals leave behind.

Backdoor Files: Cybercriminals leave backdoor files as a way to secretly enter and leave a website. Backdoors give hackers the ability to add, modify or delete a site’s content.

  • Backdoor files account for 40% of all malware infections.

Spam: Hackers use spam to post comment spam and manipulate search engine results to increase their rankings.

  • Spam accounts for 30% of all malware infections.

Redirects: Cybercriminals use redirects to redirect the user from a legitimate web page to a malicious one.

  • Redirects account for 20% of all malware infections.

Shell Programs: Shell programs give hackers the control of a website’s files and the ability to administer a website.

  • Shell programs account for 6% of all malware infections.

Miscellaneous: Miscellaneous infections, including bad bots and phishing, account for 4% of all malware infections.

Bad Bots: There are two kinds of bots – good bots and bad bots. Bad bots perform malicious tasks, like DDoS attacks, website scraping and comment spam.

Phishing: Phishing emails are seemingly harmless emails that trick the receiver into providing information or clicking on a malicious link or attachment.

Securing Your Website

Just like celebrities need 24/7 security to protect themselves from the paparazzi, websites need 24/7 website security for protection against cybercriminals.

You can use a website scanner to check for malware and vulnerabilities on your site. If the scanner finds anything suspicious or malicious, you will be alerted. It is recommended you use a website scanner that will find and automatically remove malware.

A web application firewall (WAF) can differentiate human traffic from bot traffic. If a WAF suspects the traffic attempting to enter your site are bad bots, like scrapers, access will be denied.

With October being National Cybersecurity Awareness Month, there’s no better excuse to take action of your website’s security. Don’t assume that, “everyone is using this tool, so it must be secure.” Take action and manage your security by managing your risk.

For more information about securing your website and combating cyberattacks, give the SiteLock security experts a call at 855.378.6200. We are available 24/7/365 to help.

*This data is based on the SiteLock® database of over six million websites as of September 2016. Website features do not cause website attacks, but they are associated with an increased likelihood.