A special thank you to Yvonne Conway-Williams for her time and participation in the interview for this article.
At a recent WordCamp, I met Yvonne Conway-Williams, a social media marketing expert and front-end web developer. She approached our sponsor booth inquiring about website security. That’s when she said; “I wish I had found SiteLock two years earlier.” Struck by the comment, I asked her what had happened. Conway-Williams shared that on January 30, 2015, she and her husband returned home from a long day to find her client’s website, a local car club, defaced. Instead of her client’s homepage, the website featured a front page promoting and recruiting for ISIS, the terrorist organization.
Defacement occurs when a legitimate website is replaced with a hacker’s site. ISIS defacements often consist of a series of photos and pro-ISIS, anti-America rhetoric. Within a few hours of discovering the defacement, Conway-Williams was on the phone with the FBI. “It was very disconcerting how easy it was for them to access everything. The defacement was so easy,” she said.
Unfortunately, this developer’s situation is not an uncommon one. Googling “ISIS website defacement” brings up a string of articles. Over the last two years, pro-ISIS hackers and hacking groups have defaced hundreds of websites. Recently, a hacking group by the name “Team System DZ” defaced multiple Wisconsin government websites, replacing the sheriff’s website and Richland County Government pages with ISIS propaganda.
For Conway-Williams, the defaced website was not an eCommerce or large business website, in fact, the website owners did not even know about the defacement until Conway-Williams contacted them. The website was a local car club running on the WordPress platform. To fix the problem, she took her client’s website completely offline and moved the content to a new host. The entire ordeal took over 24 hours to solve and, “It injured my business,” said Conway-Williams.
Regardless of whether your website is a personal blog, a small eCommerce site, or a corporate business, you are at risk of a cyber attack. However, you may not be at risk for the reasons you think. The content of your website, number of visitors, or whether you accept payment may not be a factor. WordPress remains the largest CMS and holds a large market share of the internet. When vulnerabilities are discovered within WordPress, they affect hundreds of thousands of users, making them the perfect target for ISIS hackers spreading propaganda. According to author Nimrod Luria in a recent Infosec Island article, “The (hacked) sites appear to have one thing in common: they are all built on the WordPress content management platform.” So, your website may be a target because you share a common denominator with thousands of other websites: you run on WordPress.
There are ways to protect your website from similar defacements. Here are a few simple, but crucial steps that help keep your website secure:
Being a part of the WordPress community is a wonderful thing. But, when widespread issues such as defacements arise, it is important to know how to keep your website and your hard work protected!