A Complete Guide on Website Defacement Prevention

Updated: May 2nd, 2021

Did you see when Donald Trump’s website was defaced by hackers during the presidential election? Or when Lenovo’s website was hacked and visitors were greeted with slideshows of bored teenagers? According to a study conducted by the University of Maryland, there is an attack on websites every 39 seconds. Such website defacement attacks are common and are generally targeted attacks. These attacks are an embarrassment for you and your business and should be kept at bay with robust website defacement prevention measures.

What is website defacement?

Website defacement is the online equivalent of vandalism in the real world. After defacing a website, cybercriminals leave visible evidence that your website has been hacked, in the form of messages and images. These messages or images may be political, religious, or written just for fun. Mostly, the attackers do it just to bring attention to a particular agenda they want to promote. There are also other incidents where the attackers leave behind messages such as “Hacked by …” to gain fame.

As a business owner, your website is the face of your business, and website defacement attacks can easily damage your company’s reputation. They also have a financial impact on your business, since customers will skip your website and purchases won’t be made. There is also the cost of restoring your website after a defacement. This is why website defacement prevention strategies are so important for your business.


How do hackers deface a website?

Attackers deface websites by gaining unauthorized access through various means. They might take over admin accounts using credential theft, exploit a vulnerability in your website through code injection, or abuse elevated permissions and rights.

Other attacks such as DNS hijacking and malware infections can also be used. Once hackers get access to core files through these attacks, they can make changes as they want. Apart from defacement, these attackers can also install backdoors and other malware on the website to exploit it later.

Examples of website defacement

Let’s look at some website defacement examples and see what they look like.

1. Defacement of Trump’s website during the 2020 election campaign. This is a typical example of political vandalism.

Donald Trump’s official website defaced during election; Source: NY Times

2. Lenovo’s website was hacked and visitors were welcomed with a slideshow of bored teenagers. This was done in retaliation against Superfish by a hacker group named Lizard Squad.

Computer manufacturing company Lenovo suffered an infamous website defacement; Source: The Guardian

3. A cryptocurrency forum taken over by an ad campaign. This is how ads hijack websites and display their content.

Cryptocurrency forum defaced to show spam ads

As we see above, there are different kinds of website defacement, but any form is evidence that your website is compromised and you need to fix it as soon as possible.

6 Steps to website defacement prevention

Now that we have seen how website defacement can impact your business, we need to understand how to prevent such incidents. By following the steps below, you can stop such attacks on your website:

1. Limit privileges

By limiting access to admin files and folders, you protect against attackers who have taken control of regular user accounts, since these accounts will not have access. Make sure that access to core files is only available to those who need it. Privileges and file permissions should be based on user roles and requirements. Proper off-boarding of inactive users is also important, so that the list of users with high privileges stays clean.

2. Change default credentials

This is a very common security tip that is often ignored. When setting up a website, make sure that you update the default credentials. Basic admin names and passwords can be easily cracked to get access to your website. Also, try to change the default admin email and admin location while setting up your website.

3. Limiting the number of add-ons and plugins

The more plugins and extensions you install on your website, the more potential entry points attackers have. According to a report, WordPress websites with more than six add-ons are twice as likely to get hacked when compared with websites with no add-ons. Attackers might also exploit zero-day vulnerabilities in the plugins or themes and compromise your website. You can prevent this by uninstalling unused themes and plugins and by regularly updating the ones you keep.

4. Limiting the number of file uploads

If your website allows file uploads, attackers can use them to penetrate your system by uploading malicious payloads. Attackers might upload malware that would compromise your website. When using file uploads, make sure that there is a limit on upload size and file types, and scan every file for suspicious entries.

5. Protect against attacks such as SQL Injection and XSS attacks

Protecting your site against XSS and SQL Injection attacks can be as simple as sanitizing user inputs on your website and encrypting communication between servers. Installing a website defacement protection solution such as a web application firewall can also protect your site from such attacks.

6. Scanning for vulnerabilities

Security is never an end-point; it requires regular updates and repairs. Security scanners such as Astra can scan your entire website and find any vulnerability that might be present. This will reduce the chances of your website getting hacked and protect against a multitude of attacks that exploit such security gaps.
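The upload checks from step 4 (size limit, file-type limit, scan for suspicious entries) can be layered in a single validation function. The sketch below is an added example, not Astra's code; the 2 MiB cap, the allow-list, the pattern list and the name `check_upload` are assumptions chosen for illustration.

```python
import os

MAX_BYTES = 2 * 1024 * 1024  # assumed size cap (2 MiB); tune per site
# Allow-list: extension -> byte signatures a genuine file of that type starts with
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
# Extensions a web server may execute; rejected anywhere in the name
EXECUTABLE = {"php", "phtml", "phar", "asp", "aspx", "jsp", "cgi", "pl", "py", "sh"}
# Markup that has no place inside an image or PDF upload
SUSPICIOUS = (b"<?php", b"<script", b"<iframe")


def check_upload(filename, data):
    """Return (accepted, reason) for one uploaded file held in memory."""
    # Drop any client-supplied directory part and normalise case
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    if "\x00" in name or len(parts) < 2 or not parts[0]:
        return False, "bad filename"
    # Last extension must be allowed; no executable extension may hide before it
    if parts[-1] not in ALLOWED or EXECUTABLE & set(parts[1:]):
        return False, "file type not allowed"
    if not 0 < len(data) <= MAX_BYTES:
        return False, "size outside limit"
    # The content must start with a signature matching the claimed type
    if not data.startswith(ALLOWED[parts[-1]]):
        return False, "content does not match extension"
    lowered = data.lower()
    for pattern in SUSPICIOUS:
        if pattern in lowered:
            return False, "suspicious content: " + pattern.decode()
    return True, "ok"


# Constructed sample uploads (not real files)
SAMPLES = [
    ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),
    ("avatar.gif", b"GIF89a" + b"\x00" * 16 + b"<?php echo 1; ?>"),
    ("photo.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("notes.pdf", b"GIF89a" + b"\x00" * 16),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        print(fname, check_upload(fname, blob))
```

Each check alone can be bypassed (a renamed script passes the extension test, a script with an image header passes the signature test), which is why they are applied together.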


How does Astra Security protect against website defacement?

Astra Security offers a complete security suite that includes Firewall, Malware scanner, one-click malware removal, IP/Country blockers, GDPR, and so on. Our expertise in cybersecurity and friendly assistance help you make your website’s security watertight against all sorts of cyberattacks. With our security tools, you can protect your website from website defacement, SQLi, XSS, CSRF, credit card hacks, file infection, spam, and 100+ other cyber threats. Astra Security Suite can stop real-time attacks on your website and help you take the necessary steps to put up website defacement prevention and other website security measures. Don’t believe us? Try us.