Stealth is Wealth for Hackers: Take these steps for your safety!
There is a relatively new stealth method hackers can use to corrupt, not only your WordPress website, but entire computers!
The type of program is called RANSOMWARE.
This is a horrifying method of messing up WordPress websites and corrupting computers. It literally holds an entire computer ransom until actual cash is paid to remove the corruption.
What?! Here’s how it works.
Hackers use their usual multiple methods of gaining access to your WordPress website. Once they find a way in, they drop files of which you may not immediately be aware. But they redirect the viewer to another website. Several unsuspecting website owners may be involved in this redirection.
Eventually (really the blink of an eye) the viewer lands on a corrupted website that has a ransom program like the Nuclear Exploit Kit loaded on it. This kit is a program that gets into the entire computer (or workstation) of the viewer and immediately encrypts every single file on the computer, locking the user out of everything!
A window is then shown explaining that all the files on the computer are encrypted and that they must follow instructions to pay large amounts of money through Bitcoin, a popular online method of sending and receiving payments. Ransoms could be thousands of dollars.
The message on the infected computer warns not to try to correct the problem yourself or fiddle with the files in any way or they will be permanently corrupted.
What Can You Do to Prevent Either Being a Robot in this Exploitation or Being the Computer Who Actually Gets Held for Ransom?
There are two different issues here: your WordPress website and your computer.
I have done a few articles over the years about WordPress safety and security. Take a look and make sure you pay heed to their instruction.
- Keep ALL your WordPress website software up-to-date. That includes WordPress itself, plugins (whether they are enabled or not) and themes (whether they are enabled or not).
- Use security plugins. I use Wordfence and Sucuri on every website now. I also have added one called Edit Author Slug which hides your username. If you blog and do not use this or a similar plugin, your WordPress username is easily detected.
- Make your password difficult using 8-12 characters of all sorts (numbers, lower case letters, upper case letters, special characters).
- BACKUP! My favorite backup plugin is UpdraftPlus which you can use in conjunction with Dropbox to save every element of your website to an entirely different location. This includes your database, theme files, plugins, images, pdfs, audio, etc. If your website does get infected you can have a clean version to recreate your website. There are other good plugins; just be sure you are using one.
Your Windows Computer
- First be sure to have the Windows Automatic Update enabled. You can set it to update in the middle of the night so it doesn’t affect your work time. Allowing this auto update will make sure that any known holes found in Windows and other Microsoft software will be fixed.
- Make sure you have firewall hardware set up. For your home computer, this would be a router. The router only recognizes your computer(s). If an outside computer attempts to to connect to your network, the router simply won’t allow it.
- Windows also comes with firewall software. If you don’t have other firewall software installed, I suggest making sure this is turned on. Only use one firewall software package as there may be conflicts. Use this if there are other computers in your home network, or if you are using a WiFi hot spot at Starbucks or something.
- You will want security software on your computer as well. Microsoft offers a free program called Microsoft Security Essentials (it may already be on your computer depending on the version of Windows and it may be called Microsoft Defender – same thing).
I used to not trust Microsoft to do a good enough job, or to not bombard me with warning notices at ever turn. But apparently their firewall and security software packages are highly regarded now. I myself have been using ESET Smart Security for several years and have been super safe so far. It has a spam filter connected to my Outlook email program, automatically quarantines emails with known viruses, runs regular scans on my computer and warns me when I venture into unsafe territory on the web.
- One last thing: BACKUP! You can use a program like Carbonite or Mozy to automatically back up your files which is super important (I use Carbonite), but you also should back up your entire computer including the operating system and programs. Now this is not my area of expertise by any measure, but if you purchase a really good external hard drive and follow Microsoft’s very easy instructions, you can create a “mirror” image of your entire computer. Of course, this requires that you actually do it!
Do You Need to Worry if You’re a MAC?
Yup. First, the myth that MACs don’t get viruses is just that – a myth. The only reason MACs have tended not to be attacked is because for many years the MAC market was just a small percentage of computer use. The heinous programs were directed to the masses on PCs. Over more recent years, however, there has been an uptick in viruses appearing on MACs with 2015 showing the highest numbers of MAC hacks yet!
But are MACs vulnerable to these new ransomware programs?
Yes and no. Yes, if the ransomware is written for a MAC, but as with the other viruses, most ransomware is currently directed at PCs. However, it has been proven that a MAC can just as easily get hit if it were targeted.
In a Nutshell
To make sure you keep everything battened down, automate as much of your website and computer backup and security as you can. If you don’t think you’ll check in on your WordPress website frequently enough or you’re not sure how to set up the security plugins, have a professional do it.
It’s a LOT cheaper to have your website and computer maintained than FIXING it after its been compromised!