Guest post by Alex Grant
Why would anyone try to hack your site? It’s a blog, not a bank account.
It’s easy to assume your one blog won’t become the target of a serious attack but, in truth, there are more reasons for a cybercriminal to target you than you might think. WordPress blogs are frequently hacked for the following reasons:
- To collect your personal information or the information of your users. Identity theft is a big reason why a cybercriminal might go after a well-trafficked blog. You don’t even need to collect a lot of information to make this viable: Criminals may be seeking to collect active email addresses they can sell to advertising companies or use for their own spam lists.
- To post “black hat SEO” web pages. If your website is currently a highly ranked website (or even a moderately ranked one), a cybercriminal may want to take over your website domain so they can post their own content on it. This is very similar to domain hijacking, and it’s designed to leverage the popularity of an existing website to sell goods and services, spread malicious programs, or point to affiliate advertising.
- To steal your website and hold it for ransom. Yes, this happens. And it’s usually not obvious. No one jumps out at you from a digital alley and says “$30 or the website gets it!” Instead, they throw a splash page on your website that tells you you’ve been hacked, then directs you to services you can purchase to restore your website—all under the guise of “protecting” you from the evil cybercriminals. This works because many people don’t back up their websites, so they can’t restore their content themselves.
- To embed malware and malvertising. Some people just want to watch the world burn. A cybercriminal can pull off a rather subtle attack by simply embedding malware and malvertising into your website. Your website will still be up, so you may not notice it is currently distributing malicious programs to your users (likely including yourself). Eventually, however, search engines are going to notice, and your website will be blacklisted.
- To simply take your website down. DDoS (Distributed Denial of Service) attacks are one of the easiest ways a cyber attacker can take down a website. This can happen for a variety of reasons. The attacker:
  - May be a competitor
  - May disagree with your positions
  - May be trying to use it to gain access to your website by exposing other vulnerabilities
Apart from this, your website can also be targeted as part of a larger attack. Criminal attackers might simply be scanning for vulnerable WordPress accounts because they are very familiar with WordPress vulnerabilities. Or, they may simply attempt exploits on all the websites they find, hoping to recover something useful or of interest.
How do you avoid becoming a target?
It all begins with the setup, which you can read about in “The Blogger’s Guide to WordPress Security.”
Alex Grant is a Product Manager and digital nomad. He writes about VPNs and internet security because he doesn’t want his (or your) information sold to third parties without consent.