We had an enquiry come through today from someone we’ve not spoken to before.
“I'm not sure where to start. My website has started running very slowly. I'm also getting strange messages from people asking about pharmaceuticals. Despite my PPC account still delivering good results, my sales have dropped by almost half from July to August. I believe this is because the site is running slowly.”
Yes, their site has 15-second page load times, but the ‘pharmaceutical’ comment suggested something more sinister… that their website had been hacked.
A quick bit of research later and we could see that it had indeed been hacked, and it looks as if the hackers gained entry via a vulnerability in an out-of-date version of PrestaShop, their eCommerce platform.
The issue the client has now is that their website’s security has been compromised, and they can’t trust that any data currently held in the website’s back office, or any data entered moving forward, is secure. In short, we advised them to take the website offline immediately until this has been rectified. Furthermore, they should really be telling past customers that their personal information may have been leaked.
We could most likely fix the issues, remove any infected files and close any backdoors, but this is never a guaranteed task (although we have a 100% success record) and unfortunately the client only has a small budget, and not enough to proceed.
In short, their whole online business is getting closed down because their website has been hacked.
This infuriates me as it could have been avoided!
All of the websites that we have been asked to recover from a security breach have been built in WordPress (including WooCommerce), Joomla or PrestaShop. These are arguably entry-level systems which, although they serve a purpose for low-cost websites, need regular attention and updates to keep them secure.
The issue is that many budget web agencies who sell these systems do it to undercut competitors, and as such don’t advise clients as to the costs of updates and, more importantly, the implications of not doing them.
Clients naively plod along thinking that they have a bargain website when, in fact, they have a ticking time bomb waiting to be hacked, costing them either money or, as in this case, their whole business.
So what should clients do in order to stay safe?
- If you use an off-the-shelf (open source) system, keep it, and every plugin/module, fully updated
- Choose a web design agency that you can trust and that keeps you well-informed
- Don’t assume that the cheapest option is the best; as with most industries, it’s often not the case
We are Webbed Feet, we can recover hacked websites.