When it comes time to redesign or create a website for their business, most people analyze web designers’ portfolios, review their past work and discuss different possibilities for their upcoming project. However, given the tech-savvy world we live in, people should remember to ask potential web designers about security as well. Consider the experiences of several websites in Chesapeake, VA, for example: a group claiming to have Islamic ties has hacked several of the area’s local websites in recent weeks, and cybersecurity experts are on high alert.
On Sunday, March 14, a group calling itself “Memberal Force” took over the website for Greenbrier Christian Academy, a private religious institution in Chesapeake. The group successfully shut down the website for most of Sunday and Monday. However, the site was functional by Monday afternoon, and the school has released a statement blaming malware. School officials said they are currently unable to connect the hack with any Islamic websites, and the FBI is still looking for culprits.
Cybersecurity expert Martin A. Joseph told Chesapeake’s 10 WAVY-TV that he believes the motive was notoriety. The president and CEO of 360IT Partners, Joseph says that hacking into a website is relatively simple, requiring only a username and a password.
Currently, investigators are searching for the IP address of the user who hacked into the website. Once they find this information, they will likely be able to trace the culprit to the location where the crime was committed. However, this is far from the only case on the FBI’s list: since January, the agency has been working three other cases in which a proclaimed pro-Islamic group hacked a website in the Hampton Roads region of Virginia.
Moreover, a number of websites based in Indiana, Wisconsin, Pennsylvania, Ohio and California have made similar claims in recent weeks, after message purporting to originate from the Islamic State, commonly known as ISIS, appeared on their web pages. All of these websites, however, were able to be restored in a few hours.
To reduce the chance of your website being successfully hacked, experts are recommending that businesses and individuals follow a few basic steps to improve their security.
“Avoid using the the username ‘admin,’ choose a strong password, keep your software updated, update plugins and delete the ones you are not using — even if they are disabled.” advises Jorge Benito, marketing manager for Ibis Studio. “Reset user permissions when you use FTP, move your config.php file to a folder higher than your WordPress installation, scan your website regularly and delete unused files, and more importantly redesign it or make a new website at least every two years.”