The Covid-19 pandemic has changed in a blink of an eye how we live, as well as how we work. It has also pushed many businesses in the direction of full digitalization in no time. During lockdowns around the world, almost all companies have shifted their meetings online and started adjusting websites for supporting their new way of business. Against the backdrop of lost jobs and working from home approaches, many people have launched small and medium businesses online, via new websites. As we saw in 2020, this is well reflected in an increased demand for domain names. Of course, this has been good news for cyber criminals, who started hacking more than in previous years.
Web admin – not needed
This large number of new business websites has brought a new issue. As many of these websites are “homemade”, tending to be cheap and have associated costs close to zero, the role of web-admin has also shifted, and, in many cases, has been – erased entirely. At first, it looked like this position was not needed…
A new fancy WordPress, version 5.7, is out. It brings many things, but no one wants to look at the new specifications. The logic behind this is simple: it’s free of charge, easy to use, WP can be upgraded with one click and the user will do it because it brings patches for holes in the previous version of that CMS. No need for any help, and certainly, no need for help from a web admin. Everyone is able to click and upgrade, and then continue to work.
WordPress with fast upgrades, some free or cheap plugins – and there it is: the homemade business website. The business can be run simply, and the end user is capable of being a web admin. The user doesn’t need to act as a pro, perform daily checks, upgrade all plugins on time etc. At the end, who will want to hack exactly this website among millions of websites around the web. Well, logic is flawed.
“I didn’t touch anything!”
WordPress powers 35% of the Internet, and according to WordFence, there are almost 90,000 attacks per minute on WordPress websites. One study found there are 3,972 known WordPress vulnerabilities. Out of which, 52% are from WordPress plugins, 37% are due to core WordPress files and 11% are from WordPress themes.
During the pandemic, hackers have increased the number of attacks, while on the other side, web admins almost lost their jobs. Homemade websites without admin support have become easy targets for hackers. Phishing, bot net, spam – you name it. Homemade sites, with not sufficient support from owners, become easy to crack and they are mis-used further in expanding cybercrime activities. At the beginning, the owners of those websites are not aware what is happening. The website works normally, but at the same time website send, for example, tons of spam messages unnoticed.
Such activities are usually spotted by hosting companies, who are struggling to scan all websites for viruses, malware and other malicious software. Otherwise, website ends on some blacklist, or the hackers manage to change them entirely.
Of course, the web-admin of infected websites – their owners – calls the hosting company yelling on the phone: “My site is blocked (or not working, or similar), and I paid. I didn’t touch anything, it’s your fault.”
Life of Brian
The truth is simple – the website lives 24/7. Even when the owner sleeps, the website is awake and working. This life on the Internet brings many issues and the owners, usually with limited knowledge about WordPress and what is actually happening on and with the website (e.g. do you know that many times per day, bots are trying to login on your login page for WordPress? what if one succeeds?), blame the hosting providers for whatever goes wrong.
In fact, when the user says that “he didn’t touch the website for a month or two”, it instantly rings a bell. It means – this website is hacked. Usually, hosting providers have a hard time explaining to customers that they do not give support for WordPress problems, that WordPress is not their territory, and that it is customer’s obligation to maintain the website. In fact, the hosting provider has legal obligation to block the websites with criminal activities, inform the clients about the problem and wait for them to solve the problem before being able to unblock the website.
But most website owners are not aware of this fact. They blame the hosting provider, and this usually results with ending the cooperation.
Web admin – needed
This story was different just a couple of years ago. There was a clear role of web admin, who was paid to clean up things and make all the necessary updates on the WordPress website. Calls to hosting companies to provide support were reasonably rare and the problems were fully explained by web admins. The explanation plays a key role in solving the problem – better explanation, faster solution.
But the owners of homemade business websites, to save money, don’t see the need for web admins. And they call support typically with one simple question – “why my site doesn’t work?”. And very often, they end the cooperation with hosting provider and move to another, until a new hacking incident happens. Some of them make full circle over months/years, and they come back to their first hosting provider, thinking “this provider is not the best, but the rest of them are terrible”.
Every cost for web administration that is above 0 tends to be expensive for the owners of homemade websites, so now you can find ads on the internet for “free development and administration of WordPress websites”. Free CMS had led to free web admin… With all the implications.
This situation has been known for a long time and it’s quite similar to broken cars – if you have issues with the car, you need a repairman. They have the knowledge to fix the car, you don’t. If you think that you can fix it yourself – then you must learn a lot and achieve the level of knowledge of one repairman. And, instead of money, you will invest time in educating yourself. Anyhow – you must invest money or time to fix the car. The road company cannot help you in fixing it, even if you use their roads.
Read the previous paragraph by replacing car with website, repairman with web-admin and road with hosting.