How and why websites get hacked — and how to fix them when they do

Cathy Ngo

For many business owners, their website serves as the primary way they communicate with customers. Having a secure website is critical because it safeguards your information and gives customers the confidence to transact with you online.

Business owners should never underestimate the impact of a hacked website.

It can severely harm your business — not just by exposing your customers’ details, but by the loss of reputation that often follows.

In this blog, we share what you need to know to protect your website and your business from a cyberattack.

Why is internet security so important?

The pandemic forced the whole world to quickly adapt to online resources practically overnight. However, this transition also increased cybersecurity risks, resulting in serious economic and national security challenges.

It would be naive to think that small businesses are immune.

We mostly hear about big corporations in the news, but don’t be fooled! The lack of awareness about the risks and consequences means all businesses are vulnerable to cyber attacks. Keep in mind that most of these attacks are automated and bots don’t distinguish between big corporate websites and tiny sites.

Any website that handles private information must be protected. This private information can be in the form of:

  • Lists of newsletter subscribers
  • General enquiries including private details such as account numbers
  • Banking details shared during eCommerce transactions
  • Customer or supplier portals that require a login

If your website is not secure, you run the risk of a potential hacker spreading malware onto your website and all the systems linked to it. This can lead to them tracking your visitors and stealing their information — and of course, nobody wants that!

What is malware?

Malware is short for malicious software. It’s a broad term for:

  • Viruses
  • Worms
  • Trojans and other harmful computer programs

Hackers use this type of malicious software to gain access to personal information. And although viruses are a type of malware, not every piece of malware is a virus.

The information hackers collect may include:

  • Customer names
  • Email addresses
  • Credit card numbers and other transactional data

The worst-case scenario is when a hacker adds your website to a botnet of infected sites.

In most cases, hackers don’t breach website security by manually deciding on who to target. Rather, they often rely on automation to identify vulnerable websites and perform cyberattacks.

Most websites are compromised by unsolicited bots that scrape lists of websites and check for a range of common security vulnerabilities that can be used to gain entry.

The sad truth is that small businesses are increasingly becoming some of the most attractive targets today for savvy cyberthieves. As a business owner, you must know how to protect your business.

How to recognise the warning signs

Due to a lack of resources, small businesses often don’t have secure websites, accounts or network systems. This makes cyberattacks an easy job.

Here are some common indicators that your website may have been attacked:

  • You are suddenly offline for no apparent reason
  • Your anti-virus software has picked up malware
  • Random ads or code are appearing on your website

Like a headache or fever in a human, these can be symptoms of digital infection.

7 ways to protect your website from cyberattacks

The good news is that it’s not all doom and gloom. We’ve outlined seven ways to protect your site and prevent future cyberattacks.

1. Get an SSL certificate

SSL stands for Secure Sockets Layer. It is an encryption technology that creates an encrypted link between your website and your customer’s browser.

You don’t have to wait for an attack to get an SSL certificate; in fact, it’s best to set it up from the get-go.

Once installed, a green padlock sign appears in the browser bar, which shows the world your site is secure.

GoDaddy’s SSL certificates increase website visitors’ confidence by visibly showing your site is locked and secure.

The URL of any website protected by an SSL certificate will start with HTTPS, instead of just HTTP. This is another clue that tells customers your business is very serious about protecting their data.

The lock and the HTTPS prefix mean that the data passing between your business website and the customer’s browser is encrypted. Love technical details? Read How to enable HTTPS on your server.

The padlock has become a widely recognized symbol of digital security.

Also, it’s helpful to note that search engines, such as Google, favour sites that are HTTPS-encrypted and will push your encrypted site higher in search results than those that are not protected by SSL certificates. This increases the likelihood customers will find you.

2. Keep everything updated

If there is an update available for your website, apps or mobile devices, we recommend actioning this straight away. Yes, we’re all busy, but acting on it right away minimises the chance that you’ll fall victim to a security gap the update is designed to close. Fast action will literally help protect you from a cyber attack.

3. Change your passwords every three months

It’s tempting to have the same password for everything but this is just asking to be hacked.

The trick is to make sure all new passwords are complex, or strong.

This means coming up with a password containing numbers, symbols and upper and lowercase letters. If you have a customer portal on your website that requires login, encourage your customers to change their password and settings routinely as well.

There’s no need to try to remember these — password keepers like LastPass or KeePass Password Safe make using and regularly updating complex passwords easy.

4. Update your Content Management System (CMS) regularly

The bulk of hacking attempts happen because the website owners have not updated their software. This is often the case with WordPress websites, as old plugins or themes are easy targets for hackers.

Hackers want names, addresses, emails — just the kind of data stored in a CMS.

It doesn’t matter if you run a small blog or a large website. If you have outdated software, malicious bots can easily crawl your website at some point and hack your site.

Unfortunately, many small website owners are still unaware of this vulnerability and don’t update or back up their CMS — until their site gets compromised.

5. Regularly scan all your devices

Malware often spreads from one connected device to another, which is why your website should have anti-virus software. Popular software includes:

We recommend installing this on all devices, including your smartphone and tablet. They’ll keep your devices safe from any online threats and alert you to any potential hackers sniffing around.

6. Log out of websites once you’re finished

When you log into anything, make sure that you log out and close the window once you’re done. This is especially important with internet banking or when using a public computer.

7. Add two-factor authentication

Two-factor authentication is basically an additional layer of security. When you log onto a website with your username and password, you’ll get a confirmation code that gets sent to your mobile or email. This helps to verify your identity.

Add two-factor authentication to any login process on your website.

While it might be easy enough for hackers to steal your customers’ login details, being able to also access their SMS or email is another security step — one hackers can’t hack.

Guard your website today

The stakes are high for any business that suffers a cybersecurity breach — think reputational damage, financial loss and possible legal action. Don’t risk it!

If you know your website has been hacked, let the pros at GoDaddy clean it up for you.

You should be transparent with customers about what happened and the measures in place to prevent it from happening again.

To be on the safe side, we recommend investing in an all-in-one security solution such as GoDaddy’s Website Security. This tool offers an SSL certificate, daily malware scanning, a firewall and automatic backups.

If you suspect some dodgy activity, you can rest assured you have a backup team in GoDaddy.