Why do hackers hack?

Financial gain drives most hacking. If a hacker gets into your site, they can place ads on your pages to generate revenue for themselves; they can use your email account to send spam messages, or they might even steal your website visitors and redirect them to their own sites.

More personal reasons can also drive attacks. The hacker could be a business competitor attempting to sabotage your business. They could have a personal vendetta against you, or perhaps they are trying to make a political point.

Regardless of why hackers hack, what happens after a hacker attacks your site isn’t fun, and it can derail your bottom line. Website attacks can cost you new clients, your good reputation with existing customers, and they may even lead to legitimate business emails getting blocked and blacklisted.

How do they get in?

How do they get in?

Brute-force attack. Automated programs continuously attempt to log in to your WordPress admin center by trying to guess your password. These systems are quite adept at cracking weak passwords, especially if you are using “admin” as your username.

WordPress vulnerabilities. As WordPress releases new security patches, the bad guys look for old sites to exploit. They can reverse-engineer the security patches to know exactly how to get into your site. It’s critical to always keep your WordPress and plugins updated to the latest versions to keep hackers out of your site.

Server access. There are many tools used to manage your website files and databases that hackers can compromise in a variety of ways. Once the bad guys gain access, they can alter your website or send junk email through your accounts.

Outdated plugins. Just as the WordPress core needs to stay updated, so do your plugins.

What damage can be done?

Malware. - Malware is an umbrella term used to refer to a variety of naughty software, including viruses, Trojan horses, spyware, ransomware, worms, adware, and scareware. All are bad news.
Spam. - Did you know hackers can send spam emails from your website?! Spam not only hurts your reputation online, but it can result in your legitimate emails getting blacklisted. The worst part is, you may never know that your email didn't arrive.
Blacklists. - As a child, remember worrying about landing on Santa's naughty list? It applies to your website, too. Google and others can indiscriminately decide that you've been naughty, label your website or emails as dangerous, and block access. Instead of a lump of coal in your stocking, you'll lose website traffic and revenue.
Content changes. - Nobody likes having words put in their mouth, but some hackers aim to alter the content on your web pages, making it seem like their malicious attacks come from your brand. They may manipulate critical information or inject your pages with naughty links. Either way, it's a problem.
Code/file changes. - When hackers access your server, they can make changes to the files and code that comprise your site. Then they can do just about anything they want – from taking your site offline, to displaying offensive imagery or messages, to making less-obvious changes that are quietly spamming or diverting your traffic.
Dirty SEO. - This form of corporate sabotage is particularly deceptive, and you may never even know your Search Engine Optimization efforts aren't working as they should be. In this targeted attack, your online competitors may quietly be tanking your search engine rankings intentionally to generate more clicks and traffic for their own websites.
Data loss. - Data loss can be catastrophic, and it's certainly a worst-case scenario. A vengeful hacker may not be content with just vandalizing your site or sending junk emails from your accounts. If the bad guys are particularly malicious, they'll wipe out your entire website, including any backups that are stored directly on the server. You'd better hope your backup files aren't on the same server.
Website downtime. - In most cases, a hacked website is going to be down for some amount of time. Whether the downtime is caused by the bad guys who did the damage or by the good guys trying to clean up the mess, it undoubtedly will hurt your bottom line. Without timely notifications about the problem and a robust backup system, your site might be offline far longer than you would like – and perhaps lost forever.
Damaged reputation. - What will clients think if they come to your site and see something vulgar? Most people will click the back button and head to the next website on the list, never to return again. Your website has an online reputation in the form of warnings from Google and email blacklists. You certainly don't want to be labeled as malicious.
Lost business oppurtunities. - Most new business is generated online. Customers use the Internet to research a brand or product before they ever make a purchase. Weak website security will affect your revenue and bottom line. It's impossible to woo a new client if they can't get to your website or receive emails from you. If you take your business seriously, then you must also take online security seriously as well.

Sorry, bad guys. You LOSE!

Proper security is a must-have for every WordPress website, which is why we’ve included full security protection in every WP Crank package. You can rest assured that your site and reputation are protected from the vast majority of attacks that occur. Every package also includes rock-solid backups, which are a crucial element of security.

Help with WordPress

Some of the many ways we protect your site...

Malware Scans

If Google designates your site as containing malware, traffic will drop to nothing overnight – and you might not even know what happened. We continually scan your site for the latest known versions of all malware. If detected, we fix it immediately to quickly get your site back up and running.

Scan Core and Plugin Files

It's a game of hide-and-seek. WordPress sites offer many places for hackers to hide, but they can't hide from our scans. Our systems compare your core files, themes, and plugins with the WordPress.org repository and notify us immediately of any discrepancies. Sorry, bad guys – there's nowhere to hide.

Scan for Backdoors

Backdoors are sneaky ways for bad guys to gain control of your website. We scan for the latest known backdoors to secure any vulnerabilities quickly. We're also alerted if any suspicious activity is detected, so we know if someone does happen to get in and can prevent any further damage.

Enforce Strong Passwords

Don't roll out the welcome mat for prowling hackers with a weak password! It’s not just your password that protects your site, but also the passwords of site admins, publishers, editors, and members. Everyone with access to the site needs a strong password. Our tools can enforce strong passwords across your site, helping ensure hackers can't randomly guess and gain access.

Spam-Generating Detection

Nothing is worse than not being able to communicate with your clients. But even if you're innocent of any wrongdoing, your legitimate customer emails can be caught in spam filters if another site on your shared IP address is doing spammy things. WP Crank will confirm that your site is running on a clean IP address, and ensure you're not listed as known source of spam email.

Google Safe-Browsing

We'll help you keep your WordPress website out of trouble with Google. If Google detects any malicious intent on your site, including malware, SEO spam injection, or redirect threats, they'll blacklist your site without a second thought. We monitor their list of infected sites and will know right away if your site is listed.

Block Brute-Force Attacks

Bots are constantly trying to log in to your site – all day, every day. We continuously monitor these bots and will lock out any attempts to brute-force guess your WordPress username and password. Locking out users after too many access failures is a foolproof way to keep these bots out, especially when they use the password-reset form too many times.

Scan Content for Bad URL's

Our tools scan your website to uncover dangerous URLs, phishing scams, and malware. We'll check URLs against Google's Safe-Browsing list, making sure your site is clean and secure. If we do find something that shouldn't be there, we'll remove it quickly, ensuring your site avoids a search penalty with Google.

Spamvertized Detection

We quickly detect when your URL has been flagged for spamvertising. That's when your site is being used to aggressively sending spam emails; it can severely impact your search rankings and email deliverability and hurt your bottom-line.

Monitor Disk Space

If you're like most people, you're super annoyed when your smartphone requires you to delete photos so that you can free up space to receive emails. Your website has the same issues. Running low on storage space has the potential to make your server unavailable. Some denial-of-service attacks intentionally force your site to run out of disk space. We monitor your available space and will alert you to a problem before it results in downtime.

Scan for DNS Changes

Domain name servers are the equivalent of the Internet's phone book which helps translate domain names into IP addresses that computers understand. A sneaky attacker could access your DNS system and point your website to their IP address, thereby hijacking your site. We check your DNS records for any changes and will be alerted right away if your domain name is unexpectedly pointed to a different IP address.

Country Blocking

Does anyone from a foreign country need access to the backend of your website? Usually not. We use a country-blocking feature that can stop an attack, prevent content theft, or end malicious activity that originates from any geographic region. We'll block countries that are regularly creating failed logins, page-not-found errors, and those who are apparently engaging in malicious activity. Country blocking is an effective way to protect your site from attack.

IP Blocking

Do you know who is trying access your WordPress site and what they are trying to do? We do! Now you can protect what you've created from malicious users. If we detect that someone is scanning your site for vulnerabilities, we'll automatically block their IP address from accessing your site, preventing them from making dangerous attacks.

Audit Existing Passwords

Strong passwords are a critical component of any site. We'll ensure your passwords are strong by checking them against a database of common passwords and simulating a hack attempt. You'll know exactly which accounts are using easily crackable passwords and can then require users to implement new, more secure passwords.

Website Firewall & AntiVirus

This premium security layer brings a full-featured set of power tools to protect your site against advanced hacking attempts. We have a team of seasoned security experts to help with any malware cleanup or damage mitigation. Think of it as an insurance policy. Hopefully you'll never need it, but you'll be so glad you have it when crisis strikes.

Crank Up your Website Security!

If you depend on your website to bring revenue and new business opportunities, ensuring that website is safe and secure should be at the top of your to-do list. Get started today, and we’ll take care of everything for you! Get it done today by getting started and we’ll take care of everything for you!

Create your Plan!
Full coverage starts at just $49/month
WordPress Professional Support