SiteLock uses cookies in order to enhance your experience on our site. To learn about what cookies are, why we use them, or how to block or remove them, view our privacy policy.


Up To 10,000 Small Business Websites Discovered Each Day with Serious Security Vulnerabilities, According to Security Firm

Half of Vulnerable Websites Already Infected With Malware.


SiteLock LLC ( the global website protection company that protects more than 700,000 online businesses, today released a report which provides clear evidence that small businesses are now squarely in the sights of hackers.

SiteLock scans hundreds of thousands of small business websites every day in search of a variety of vulnerabilities. In just the month of April 2013 alone, the company identified between 5,000 and 10,000 small business websites every single day, mainly in the U.S., that had serious security vulnerabilities that could be or already had been exploited by hackers.

“Our daily scanning for a wide variety of security vulnerabilities confirms that not only are small business websites exposed to serious risks, in many cases these vulnerabilities have already been discovered and exploited by hackers,” according to Neill Feather, President of SiteLock. “Small business owners need to understand how website risks are business viability risks, and should be addressed with urgency.”

In any one day, SiteLock finds an average of 7,000 to 10,000 small business websites with serious vulnerabilities, and nearly half of those sites have already been hijacked and have malware installed. This malware is typically planted by hackers using automated tools to identify vulnerable websites. The malware is then used to infect visitors to those websites, send phishing e-mails, infect other computers, and even attack other websites through Distributed Denial of Service Attacks.

“My web site was being hit all the time, costing me up to $30,000 every time. Not to mention how many customers I lost,” said A.G., a SiteLock customer who doesn’t want to be identified for fear of retaliation. After losing more than $300,000 to web site attacks and malware that resulted in blacklisting by search engines, he turned to SiteLock for help. “I had no idea the damage malware could do to my web site. Since I started using the SiteLock website firewall, I haven’t had a single security incident.”

SiteLock’s report comes on the heels of other studies which found that nearly a third of all cyber-attacks in 2012 were targeted at small businesses, nearly double the previous year and a very worrying trend.

The Top 3 most common security issues discovered by SiteLock were:

  1. Malware
  2. Cross-Site Scripting
  3. SQL injections

Malware that hides on websites to infect visitors is known as a drive-by download, and in January 2013 the European Network and Information Security Agency (ENISA) identified the drive-by download as the number one cyber threat worldwide.

“A website is a valuable asset, but an unprotected website is a vulnerability that small business owners can’t afford to ignore,” said Neal O’Farrell, an expert on small business cybersecurity and an advisor to SiteLock “Not only are they exposing their livelihood and their customers to serious risk, they also create a national security risk by providing a platform for malware to spread to other computers and users and even potentially attack the nation’s infrastructure.”

SiteLock offers the following tips to help small business owners protect their websites:

  1. Make sure you’re scanning your website around the clock so you can quickly find and plug vulnerabilities before hackers find and exploit them.
  2. Create a security plan and policy that specifically addresses website security and makes it easier to remind yourself about routine security tasks.
  3. Be careful about the way you manage passwords, and especially about how employees store FTP and other website passwords on their computers and other devices.
  4. Don’t just rely on traditional defenses like antivirus protection to detect malware. SiteLock’s studies have found that advanced website scanning detects at least 30% more malware than these conventional security tools.
  5. Regularly update any third-party programs or plugins you use on your website, and consider uninstalling any plugins that are no longer supported or which have known security vulnerabilities.

Read the complete report.

About SiteLock

SiteLock is a global website security technology and services leader, protecting more than 1,000,000 websites. SiteLock finds, fixes and helps prevent malware and other threats from affecting websites and their visitors. As a member of a number of cybercrime awareness and prevention associations, including the Anti-phishing Working Group (APWG), the Online Trust Alliance (OTA) and, SiteLock continually strives to educate the small business market about the risks to their websites and help prevent them.