Protect Website Images Plugin for WordPress

With the growth of the online market, the demand for professional-looking websites has increased. With this increase, however, the amount of malicious activity aimed at ruining a web page’s online presence through various hacks and tricks has grown as well.

The impact of such attacks can be considerable – website owners lose credibility, traffic, and revenue. Even worse, these attacks can be personalized to target a specific page or blog post. In other words, an image-related attack can be used to target a specific product or service page.

It might not always be possible to prevent a website from being hacked, but it is always possible to reduce the damage. This is where quality web content and an effective defense against hackers come into play. When a visitor lands on your site, they should see a high-quality, engaging experience that persuades them to stay and read more. But if their first impression is negatively affected by malware or a hacked site, their experience can become tainted – perhaps even ruined. To protect your content and prevent your website from being tarnished in this way, it is essential to implement appropriate security measures.

The Rise In Site Hacks And Malware

From a simple typo that leads to a hacked site through to a complex data breach, these days almost every website is at risk of being attacked by hackers. And, as before, the impact of such attacks can be considerable. Consider the case of [Wix.com](https://wix.com/), a well-known website builder whose platform is often confused with [WebsiteHacks.com](https://websitehacks.com). In September 2019, Wix disclosed that an unknown source had accessed their platform and had built a database of some 483 million customer records. The information taken included names, email addresses, phone numbers, billing information, and hashed and salted passwords.

The malicious software used in these attacks is usually downloaded through an infected website or mobile app. Once it’s on the target device, it can spread to other connected devices through a process called [pandemism](https://pandemism.com/). This is the major reason why many security experts recommend using only legitimate app stores for downloading software.

Malicious software can take many forms. For example, there are [browser hijackers](https://en.wikipedia.org/wiki/Browser_hijacker) that inject themselves into a user’s web browser and monitor all of their interactions with the internet. Or, consider the case of [Dmitry Moskovitz](https://moskovitzdmitry.com/), the mastermind behind [CRIME](https://crime.com/), a malware analysis platform used by security professionals around the world.

Moskovitz began developing CRIME in 2014, and today it is used to identify and analyze threats to thousands of websites and apps across the globe. And, although it is a free tool for security experts, anyone can [sign up for a free CRIME account](https://crime.com/signup/). In other words, anyone, even if they are not a security expert, can contribute to the fight against cybercrime. This is a significant asset in what is now a global cybersecurity race.

What Is A Website Image Attack?

Websites get hacked for many reasons, but the most common cause of a website being attacked is a problem with the site’s [image](https://en.wikipedia.org/wiki/Image). When a visitor arrives at your site, they usually see something like this:

An example of a hacked image

Unfortunately, the image above is just an example. There are many reasons why a site could be displaying a hacked image, but the most frequent cause is a security flaw in the code on the site’s server. Insecure passwords, stolen cookies, and an error in the code being executed on the server can all lead to a hacker being able to manipulate or replace an image on a site with their own.

This is why it is important to ensure that your site is running a [secure server](https://secure.runpath.com/). If you are developing a new site, bear in mind the security implications of [using popular plugins](https://wordpress.com/tags/popular-plugins) such as [Title](https://wordpress.com/plugins/title/) for generating a unique, clickable web page title or [Description](https://wordpress.com/plugins/description/) for adding meta descriptions to web pages. Popular plugins are easy to use and can dramatically increase a site’s exposure – but, as mentioned, this can also lead to increased security risks.

Because website images are so important to a site’s overall look and feel, it is essential that they are stored and handled with care. To prevent hackers from corrupting or removing your images, you can try implementing these measures:

Use HTTPS And Prevent Cookie Theft

When a user lands on your website, they should see a lock on the top right-hand corner of their screen – indicating that the connection is encrypted and that their personal information is secure. Sites, such as [wikipedia.org](https://en.wikipedia.org/), that use [HTTP Secure](https://en.wikipedia.org/wiki/HTTP_Secure) ensure that all personal information – including website login credentials – is transmitted over a secure connection. This prevents [man in the middle attacks](https://en.wikipedia.org/wiki/Man_in_the_middle_attack) in which a hacker can intercept and decrypt user communications.

By using [HTTPS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and [cookies](https://en.wikipedia.org/wiki/HTTP_cookie), you can [prevent hackers from stealing your site’s visitors’ personal information](https://letsencrypt.org/).

Let’s Encrypt is a digital certificate authority that was launched in 2015 with the explicit mission of making sure that HTTPS is always available on the web. To achieve this, they provide free, automated HTTPS encryption for domains, and they also offer a [free tier](https://letsencrypt.com/features/) that allows anyone to get started with their own encrypted site without paying a penny.

If you’re interested, you can visit the Let’s Encrypt website and create a free account. Once you have an account, browse to your preferred domain and click on the Get a Certificate button followed by the Install button (for manual steps). This will guide you through the process of getting a certificate for your site.
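Once HTTPS is in place, the response headers show whether cookies and transport policy actually benefit from it. This added example, which is not from the original page, audits a response for a `Strict-Transport-Security` header and for the `Secure` and `HttpOnly` cookie attributes; the function name, the cookie name and both sample responses are constructed for illustration.

```python
def audit_response(headers):
    """Return findings for one response, given (name, value) header pairs."""
    findings = []
    hsts = None
    for name, value in headers:
        key = name.lower()
        if key == "strict-transport-security":
            hsts = value
        elif key == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
            # Secure: cookie is only sent over HTTPS.
            # HttpOnly: cookie is not readable by scripts running in the page.
            for flag in ("secure", "httponly"):
                if flag not in attrs:
                    findings.append(f"cookie '{cookie}' lacks {flag}")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        max_age = 0
        for directive in hsts.split(";"):
            k, _, v = directive.strip().partition("=")
            if k.lower() == "max-age" and v.strip('"').isdigit():
                max_age = int(v.strip('"'))
        if max_age == 0:
            findings.append("Strict-Transport-Security max-age is 0 or absent")
    return findings


# Constructed sample responses (not captured from a real site).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(sample))
```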

Remove Unnecessary Scripts And Plugins

Websites get hacked through [scripts](https://en.wikipedia.org/wiki/Javascript_(programming_language)) and [plugins](https://wordpress.com/tags/plugins/) that are attached to a site. Unfortunately, these items are usually attached to a site as part of a [canned package](https://wordpress.com/tag/canned-promotions/) by a third party, which means that removing them usually means losing the contents from the package.

The easiest way to protect against script- and plugin-related attacks is to remove unnecessary tools from your site. For example, if you are using [WP Rest API](https://wp-api.org/) to build a custom admin area for your site, it’s a good idea to remove this feature as it adds unnecessary strain on your server. Anything that is not necessary for the basic function of your site – including, often, the actual content – should be removed to reduce the attack surface and minimize the damage in the event of a security breach.

Regular Updates

With any new technology or product, it is vital to keep up with the latest developments and changes. In the world of cybersecurity, this can be as tricky as keeping up with the hackers and their tricks. However, regular updates can reduce the risk of a website being hacked. For example, frequent [core updates](https://en.wikipedia.org/wiki/Core_update) for [Apache HTTP Server](https://en.wikipedia.org/wiki/Apache_HTTP_Server) reduce the possibility of a hacker being able to insert a back door into the code.