fbpx

NH STRATEGIC MARKETING, LLC 130 N MAIN ST FL 2 CONCORD, NH 03301

3 SCARY Website Hacking Stories How To Protect Your Business

3 Scary Website Hacking Stories

Suffering a hack to your website is an extremely frustrating set back any business owner can experience. Some hacks are more difficult to recover from than others. While they can be scary to deal with there are steps that can be taken to recover from one and protect future hacks.

I want to start off this article by sharing 3 stories of website hacks that we helped clients recover from. Each situation was a very worrisome situation but rest-assured we assisted each of them fix the issue and locked down their site to protect against future hacks.

Suffering a hack to your website is an extremely frustrating set back any business owner can experience. Some hacks are more difficult to recover from than others. While they can be scary to deal with there are steps that can be taken to recover from one and protect future hacks.

I want to start off this article by sharing 3 stories of website hacks that we helped clients recover from. Each situation was a very worrisome situation but rest-assured we assisted each of them fix the issue and locked down their site to protect against future hacks.

1. WordPress Site Inappropriate Content Hack

Years ago we had a WordPress client discover that her website had been hacked and reached out to us asking for help. Turns out her site was compromised due to a weak password and once the hackers gained access they replaced her site content with inappropriate content not suitable for her audience (or any audience for that matter). She was shocked and embarrassed after one of her customers brought it to her attention.

Not only can a hack like this negatively affect her reputation but it can also have other less than an ideal impacts on her business. She reached out to us pleading for our help and we came to the rescue. We immediately helped change her password, remove the source of the hack, and lock down the site moving forward so it couldn’t happen again. Later in this article I’ll share other steps we took that anyone with a WordPress website can take to protect their site from hacks. Let’s move on to another scary website hacking story.

Years ago we had a WordPress client discover that her website had been hacked and reached out to us asking for help. Turns out her site was compromised due to a weak password and once the hackers gained access they replaced her site content with inappropriate content not suitable for her audience (or any audience for that matter). She was shocked and embarrassed after one of her customers brought it to her attention.

Not only can a hack like this negatively affect her reputation but it can also have other less than an ideal impacts on her business. She reached out to us pleading for our help and we came to the rescue. We immediately helped change her password, remove the source of the hack, and lock down the site moving forward so it couldn’t happen again. Later in this article I’ll share other steps we took that anyone with a WordPress website can take to protect their site from hacks. Let’s move on to another scary website hacking story.

2. WordPress Site Redirect Hack

We recently had a business approach us letting us know their WordPress website had been hacked and were looking for help on how to get it resolved. This was a pretty sophisticated hack where the hackers were redirecting anyone that came to the site to another completely unrelated website selling pills. Obviously our new client wasn’t happy about this and wanted to get it fixed because it was upsetting customers, costing them potentially clients, and negatively affecting their reputation.

WordPress is an amazing platform and over 34% of all the website built on the Internet use this but it does have its weaknesses. The biggest mistake we see business owners make with their WordPress site include not updating the Core WordPress theme and the associated plugins on the site.

Out of date plugins and not being properly updated can allow for windows of opportunity for hackers to “break in” to the site and perform malicious activity.

This client discovered their website was redirecting to a prescription pills site. Even their Google business page was redirecting visitors to this site. Our team at NH Strategic Marketing migrated the site to our secure server, made a variety of updates including updated all the plugins and the security certificate. We have since locked the site down to prevent this from happening again. Our client is now happy again knowing his site is secure.

Now, onto the scariest hack we have seen recently.

We recently had a business approach us letting us know their WordPress website had been hacked and were looking for help on how to get it resolved. This was a pretty sophisticated hack where the hackers were redirecting anyone that came to the site to another completely unrelated website selling pills. Obviously our new client wasn’t happy about this and wanted to get it fixed because it was upsetting customers, costing them potentially clients, and negatively affecting their reputation.

WordPress is an amazing platform and over 34% of all the website built on the Internet use this but it does have its weaknesses. The biggest mistake we see business owners make with their WordPress site include not updating the Core WordPress theme and the associated plugins on the site.

Out of date plugins and not being properly updated can allow for windows of opportunity for hackers to “break in” to the site and perform malicious activity.

This client discovered their website was redirecting to a prescription pills site. Even their Google business page was redirecting visitors to this site. Our team at NH Strategic Marketing migrated the site to our secure server, made a variety of updates including updated all the plugins and the security certificate. We have since locked the site down to prevent this from happening again. Our client is now happy again knowing his site is secure.

Now, onto the scariest hack we have seen recently.

3. Shopify Website Hacked – How One Hacker Stole Over $3,000

We recently had a new client reach out and they let us know their Shopify website had been hacked. This particular client had an E-commerce business and woke up to discover some startling news one day. The hacker got access to their Shopify back office login due to a very weak and easy to guess password (hint: don’t make your Shopify login or any login easy to guess).

Once the hacker cracked their password he was in the back office and had free reign to do what he wanted.

The Shopify hacker then proceeded to update the payment gateway information to an Amazon Pay account the Hacker owned, shut off the other payment options for the site owner, and updated the admin email to one they owned as well.

This essentially diverted any funds generated from sales on the website to THEIR bank account.

By the time the site owner had noticed what had happened they were out $3,000 in sales (that money was deposited into the hacker’s Amazon Pay account and not theirs). Not to mention, the business
owner was out for the cost of the products sold and cost to ship those products as well.

We helped the client look down their site by updating their username and password to a much more secure login, fixed the payment gateway settings to how they were before, and most importantly enabled two-factor authentication. If you are a Shopify site owner that has been hacked I recommend checking out these steps to securing a hacked account.

We recently had a new client reach out and they let us know their Shopify website had been hacked. This particular client had an E-commerce business and woke up to discover some startling news one day. The hacker got access to their Shopify back office login due to a very weak and easy to guess password (hint: don’t make your Shopify login or any login easy to guess).

Once the hacker cracked their password he was in the back office and had free reign to do what he wanted.

The Shopify hacker then proceeded to update the payment gateway information to an Amazon Pay account the Hacker owned, shut off the other payment options for the site owner, and updated the admin email to one they owned as well.

This essentially diverted any funds generated from sales on the website to THEIR bank account.

By the time the site owner had noticed what had happened they were out $3,000 in sales (that money was deposited into the hacker’s Amazon Pay account and not theirs). Not to mention, the business
owner was out for the cost of the products sold and cost to ship those products as well.

We helped the client look down their site by updating their username and password to a much more secure login, fixed the payment gateway settings to how they were before, and most importantly enabled two-factor authentication. If you are a Shopify site owner that has been hacked I recommend checking out these steps to securing a hacked account.

Tips For Protecting Against Hackers and How to Protect Form Hacking

Preventing website hacking is not a topic many small business owners think about but they should. The costs, hassle, and issues associated with website hacking can extensive so avoiding getting hacked is well worth thinking about up front when you get your website designed or redesigned. Here are some tips that can help to lock down your site and protect it against hackers.

Change your WordPress login username from “admin” to something more secure

Many people who build their website leave the username as admin and if you do this you are just making it easier for the hackers. Take a few seconds to change this username to something harder for the hackers to guess.

Have a strong WordPress password

Let me break it to you. Using “password” as your password is not a good plan. Neither is “123456”, “iloveyou”, “password123” or any other easy to guess password. Use the password generator built into your website platform or come up with a unique password to create a completely unique, and difficult to guess password to help protect your website 

Update the Core WordPress theme on a regular basis

This is a big mistake we see small businesses make with their WordPress sites. Once they have their site built they never update the Theme and this eventually leads to issues. As I mentioned earlier, this can lead to vulnerabilities that can leave an open door for potential hacking attempts. For our website maintenance clients we take care of updating the Core WordPress theme on a regular basis.

Update Plugins regularly

Plugins, just like your WordPress theme, need to be updated on a regular basis to ensure your site stays secure. Not updating plugins on a regular basis can lead to your site getting hacked. Out of date WordPress plugins open up vulnerabilities in the defenses of your website.

Shut off Comments on your WordPress website

Comments are not helpful on most WordPress websites these days and even if you have a blog on your site the majority of the comments are Spam. This can be another way hackers can break into your site so don’t take the risk and shut off comments.

Have daily back ups on your site done

When our agency hosts websites for clients, we do daily back ups on our clients’ sites just in case something breaks (or the client breaks something) we can revert back to a recent back up that was working and fix the site. Not every web host does this and you get what you pay for. Cheap shared hosting accounts through Godaddy or Hostgator do NOT do daily back ups. Most cheap hosting providers do not do daily back ups and this can leave you in a very vulnerable position with your business website. If something goes wrong, and you lose your website, without a back up you could be forced to start over completely.

Have a good website host that monitors for vulnerabilities and hacking attempts

Cheap website hosts will not tell you when something goes wrong on your site and this a prime reason why hackers can get away with hacking a site. It may take multiple months for a small business owner to discover that their website has been hacked. By then, the damage is done and they may have some challenges ahead fixing the hack and solving their problems. When our agency hosts a website we monitor all our client sites for vulnerabilities and hacking attempts.

Use two-factor authentication whenever possible

Two-factor authentication is an additional layer of security for your website. WordPress currently doesn’t offer this by default however there are some plugins that can enable this functionality on your site. Some site platforms like Shopify do offer this and you should absolutely turn this feature on to protect your website. I would also recommend turning on two factor authentication on your email account and even your Facebook business account as well. I heard a recent story of a small business who had their Facebook Ads account hacked and before they knew it hackers had racked ups. $10,000 ad spend on their associated credit card before they caught it.

What To Do If Your WordPress or Shopify Website Has Been Hacked?

Help, my website has been hacked! What should I do now? We have heard this before and helped many a website client on WordPress os Shopify with this exact situation. After a short conversation and some investigation we can come up with a plan of action to quickly and efficiently regain control and fix the issue on the site.

Time To Meet With Kyle Battis

Kyle Battis has been involved in advertising and marketing since 1999. He has a background in Website Design, Direct Marketing, Online Media Buying commanding $150,000 per Month Ad budgets, Live Presentations, and he has extensive experience designing Marketing Campaigns that make money for small businesses.

Time To Meet With Kyle Battis

Kyle Battis has been involved in advertising and marketing since 1999. He has a background in Website Design, Direct Marketing, Online Media Buying commanding $150,000 per Month Ad budgets, Live Presentations, and he has extensive experience designing Marketing Campaigns that make money for small businesses.

Claim Your Free Marketing Audit

We love helping Local Businesses discover the missing potential in their online marketing plan. 

Fill out the simple form below and one of our marketing specialists will perform a full audit of your online presence and get back to you with what we see, and what we can do to improve your current positioning.