Category: Security

Ever wondered how much it would cost if your website got hacked?

The real cost of a hacked WordPress website could be much, much higher than you ever imagined.

Ok, so it’s hard to put a value on a website, especially without having any information. You may have paid little for it, you may have paid a lot, but if you’ve developed it over time it’s probably worth a lot more than you paid for it. If your website works, even if it’s not as well as you would like, it’s worth more than you think: here’s why:

• Your SEO – you will have a Google ranking and you may have invested in SEO
• Your content – you may have developed a blog, content, products, services – it all adds up
• Your customers are finding you and using your website to purchase directly or get background information
• Your brand and goodwill – it’s all tied up in your website

If you have to redevelop it all from scratch, how long would it take?

So, let’s take a rough guess at how much it would cost if your website got hacked

My findings are based on allowing my own website to get hacked just to find out what would happen. Yes, I really did that, and you can read about it here.

Let’s take a website that generates £100,000 a year in revenue and has been in existence for two years. It a purely arbitrary figure to help present a case. It could be an e-commerce store a site that generates leads, or a brochure site that backs up your proposition.

The true cost of a hacked WordPress website

[vc_separator type=”normal” color=”#202020″ thickness=”1″ up=”20″ down=”20″][vc_column_text]

[/vc_column_text][vc_separator type=”normal” color=”#202020″ thickness=”1″ up=”20″ down=”20″]

I know this is highly speculative, but it does give a good impression of the kind of losses in a hacked WordPress website that you may not have considered. This is without any additional fines and hidden costs that could be incurred by failure to meet with GDPR compliance.

It is no longer a question of IF but a question of WHEN.

This is not speculation, this is fact. I believe in hands-on experience. I allowed it to happen so that I could see what happens and further my knowledge. What better way to advise you on how to prevent a hack in the first place?

Two years ago I took the security off my site and waited. Two months later I was hacked. Yes, this is what I wanted. Then I watched and waited to see what would happen.

In the first instance you probably will not know that you’ve been hacked.

The early hack could easily have gone unnoticed. If you don’t do what I do for a living, then you would never have noticed it. A seed was planted and it sat dormant for a few weeks. Then, at a point when it was most likely all my backups would have been infected, the seed sprouted.

One month later there were 20,000 pages on my site. Yes, that’s TWENTY THOUSAND. All these pages were affiliated with various offerings where the hacker stood to gain a commission on any sales that were redirected. Literally spammed affiliate linking.

Then the website was Blacklisted and everything was lost.

A couple of weeks later Google’s algorithms spotted this and blacklisted my site. Once Google had done that, other blacklisting sites followed suit. So, if you tried to access my site you simply go a red screen informing visitors that the safe was unsafe and infected with Malware.

I lost all Google rankings and the entire content of my site. All the back-ups were corrupted.  I lost everything. This was great news because now I could work on getting a hacked site back again, but that’s another post.

If it was your website how would it fair, and what would be the true cost of a hacked website.

How do you make sure that your website is safe?

Simply run your website through these free security tests. It only takes a few seconds.

If you fail these tests you could fall victim to a hack at any time. This could have serious implications for your business.

Do you collect contact, customer or inquiry information via your website? If so your due diligence in protecting your customer’s data would fall outside of GDPR compliance.