A website vulnerability scanner could save your real estate business

Products mentioned
Find, fix, prevent

Websites are an important part of most businesses today, and that’s particularly true of real estate. With most home buyers shifting the start of their home search to the web, real estate websites are a key tool for bringing in new business. However, these sites might open their owners to liability if they don’t take steps to harden them against hackers. But don’t worry — a website vulnerability scanner is the answer.

Why do you need a website vulnerability scanner?

In an ideal world, people would have better things to do than hack real estate agents’ websites. However, this is not an ideal world. Hackers from the United States, Russia, China and everywhere in between have shown they have great incentives to break into websites.

Hackers hack for a variety of reasons. Some fill sites with links to malware and adult content to hijack computers and earn a quick buck. Others take control of websites and computers to create a network of computers called a botnet that can be used to attack and hack into highly visible sites.

Whether they do it for profit or an ego boost, hackers are a huge problem for unwary real estate site owners.


Just a small opening is enough for a hacker to get in and steal information or cause damage. Although many real estate agent websites do not hold valuable customer information, the server used for a website just might. And those real estate agents who do accept and store personally identifiable information like names, addresses and passwords simply can’t take the chance that a hacker will target their site for break-in.

What happens if you get hacked?

If you do find yourself hacked, you have to tackle the problem on several fronts. First, you have to go through the embarrassing process of telling current and former clients that their information may have been stolen. Then you have to fix the holes and entry points created by the hackers. Finally, you have to clean up the digital damage, which may mean restoring your data from a backup or rebuilding the entire website. The damage to your reputation may take longer to repair, depending on how public the breach was.

But agents don’t have to wait around for a hack to protect themselves. A website vulnerability scanner such as GoDaddy Website Security, powered by Sucuri can head off hacking attempts before they happen.

Are all sites hackable?

Short answer, yes. But there are some website platforms that, due to their popularity, attract more attention than others. WordPress is the most popular content management system, or CMS, used to build and maintain websites. More than a quarter of all websites were built on WordPress, which makes it a perfect target for bad guys. If you use WordPress, a website vulnerability scanner is vital (get more security tips here).

Even if you don’t use WordPress, you should still protect your site with a website vulnerability scanner. Hackers don’t particularly care about platforms or industries, so no matter where your real estate website lives, you’ll want to protect it.

What is a vulnerability scanner?

So, what is a vulnerability scanner? I’m glad you asked! A website vulnerability scanner is a tool that automatically scans websites for the types of holes and weak spots hackers use to break in. Once they’re in, there’s very little you can do to protect your data.

Hand typing on keyboard
Christoph Scholz via VisualHunt / CC BY-SA

Real estate agents can rest easy knowing their site is regularly scanned and protected from common attacks. According to InfoSec Institute, these are some of the most common vulnerabilities that a website vulnerability scanner looks for:

  • Cross-site scripting
  • SQL injection
  • Ajax testing
  • File inclusion
  • JS source code analyzer
  • Backup file check

Now when someone asks you, “What is a vulnerability scanner?” you know the answer. Some of these attacks can be quite troublesome. For example, in a SQL injection attack, hackers look for weak points in a site’s code where they can “inject” malicious data or commands. This injection can include dirty links or commands that give the hacker access to private data.

Website vulnerability scanners like GoDaddy’s look for these types of warning signs. Most scanners include a malware cleanup and removal tool when problems are found, so you don’t have to figure it out yourself. Check out InfoSec’s list of open source scanners here.

So what is a vulnerability scanner, really? It’s peace of mind, protection for your website and a certain fix when problems do arise. More importantly, it’s protection for your business reputation.

Good habits to get into

Having cleaned up many hacked websites myself, I know exactly how dangerous hackers can be to a real estate website. However, following best practices will keep your website as safe as possible from hackers. Here are my tips:

1. Act immediately when you receive update alerts

One of the easiest ways for hackers to access a site is through outdated files. Just like your Windows or Mac computer, most content management systems (CMS) send out regular updates throughout the year. Some of these updates fix security issues.

The 2017 global ransomware hack nicknamed NotPetya took advantage of a vulnerability in the Windows operating system. Hackers got into systems around the world through individual computers that hadn’t yet installed the security patch sent out by Microsoft.

If your site is outdated — because you were too busy or distracted to upgrade — hackers can use publicly known vulnerabilities to access your server. The same goes for plugins, themes, and other add-ons.

2. Install a website vulnerability scanner

Scanners look for security holes present even in updated systems. This might be something you have already considered, but oftentimes hackers (or their automated apps) pick up small, unlikely issues that you wouldn’t think of. Fixing every potential problem ahead of time — closing every door, locking every window — helps keep the bad guys out.

3. Fix issues immediately

If a scanner does find an issue, you will get an email alert. Follow-up and fix any issues immediately (with GoDaddy’s scanner, you simply authorize the fix to have it taken care of). Leaving your site vulnerable can expose more data and open your site up to bigger problems.

Woman holding Key
Photo: Daryn Bartlett on Unsplash

4. Avoid outdated and unsupported software

You might find a perfect WordPress plugin for your needs, but it has not been updated or supported in over two or three years. If that is the case, avoid it. Apps and plugins that are not actively supported are more susceptible to trouble.

5. Have a backup plan

Try as we might, we can’t protect against everything. What you can do is create a security response plan so, should the worst happen, everyone knows what to do.

Save yourself the worry

Websites are an important part of doing business in real estate, but they don’t have to cause stress and problems. Follow these best practices so you can focus on the important parts of your job like showing homes and keeping listings updated. With a website vulnerability scanner on the job, you’re protected and notified of issues with your site 24/7/365. No matter what’s going on with your business — high times, illness, natural disaster — your website (and reputation) is safe. That’s something any agent can get on board with.

Image by: Ervins Strauhmanis via Visual Hunt / CC BY