These days, most websites are powered by a content management system (CMS) like WordPress, Drupal, etc. While the people behind each CMS do their best to write secure, bug-free code, occasionally a security issue is found. These issues can be fairly benign or extremely serious (as we’ve seen with a couple of recent Drupal core updates that Gray Loon immediately mitigated for our clients). That’s why it’s so important to keep your CMS and related plugins, modules, etc. up to date.
You may think that your website is an unlikely target because you aren’t storing any sensitive data. Think again. Data theft incidents may get the most attention, but there are several other ways bad guys can benefit by compromising your website. They often do it for financial gain, but sometimes it’s just their idea of fun.
Beware These 4 Web Security Risks
1. Sending of Spam from Your Website
We all hate spam. Did you know your website could be used to send hundreds or thousands of spam messages without you even knowing? After breaking into your website, bad guys could modify your website code or upload their own to generate large batches of email messages. Once detected, your host may take your website offline until you can prove the issue has been addressed. Unfortunately, the reputation of your domain name could also be damaged. This could cause email servers around the world to reject your messages or flag them as spam.
2. Reputation Exploits
You know how important Google, Bing, and other search engines can be to the success of your website. To help determine your rank in the results, search engines consider the reputation of your website. Reputation and rank are important to the bad guys, too. They can quietly upload pages to your website that contain links to another website. In doing so, they use your reputation to boost their reputation. You may not even know these rogue pages exist for days or weeks, but they’ll likely show up in search-engine results.
The bad guys may also modify your website to redirect visitors to another website that’s probably unsavory and detrimental to your brand. The bad guys get free traffic from your website with no need to boost their own website reputation. Most likely, you’d notice this redirect quickly, but the bad guys can quickly get ample traffic if your website is popular.
3. Defacement of Your Website
Defacement is another form of website compromise that can serve many purposes. Bad guys might deface your website to vilify your brand or promote one of your competitors. They could also leave hateful messages directed at a specific race, religion, etc. Some bad guys may leave digital graffiti as a way to boost their own ego; think of it like traditional spray paint graffiti minus the artistic value. Defacements can be as bold as replacing your entire home page or as subtle as editing some text or images. Generally speaking, defacement doesn’t benefit the bad guys financially – it’s just a form of self-promotion or activism.
4. Your Website May Be Used to “Mine” Cryptocurrency
Have you heard of cryptocurrencies like Bitcoin? It made the headlines earlier this year when its value surged over $19,000. While cryptocurrencies have legitimate uses, they’ve gained favor in nefarious circles, as well. I won’t go into the details of exactly how cryptocurrencies work, but I can tell you they require a lot of computing power to maintain. Anyone can contribute computing power. In return, they’re rewarded with a small amount of the cryptocurrency.
Bad guys can use your compromised website to exploit your visitors. How? They insert a little code into your website that’s executed by the visitor’s browser. Their computing power is surreptitiously used to earn rewards for the bad guys. Your website may be labeled malicious if search engines or anti-virus software detect the cryptocurrency code.
This is by no means a comprehensive list of consequences for leaving your website unpatched. You can be assured there are plenty of bad guys waiting to exploit it for their own gain. While you’re left with potential damage to your reputation and revenue stream, the bad guys simply move on to the next vulnerable website.
If you’re concerned about your website’s security, contact us. We specialize in developing safe, secure, responsive websites using the most up-to-date coding, frameworks and plugins. We’d love the opportunity to work with you on an upcoming web project.