A good number of businesses prefer to purchase a ready and already running website instead of developing a web property from scratch. Marketing managers love to this way the most because of domain history, SEO value of that domain and similar reasons. Such an endeavour requires conducting preliminary research to assess not only the feasibility of buying the respective website but also checking whether the site is secure and free of any malware.
Older websites are more trustworthy and usually have an established audience. On the other hand, an old site may well have of the history of blacklisting or hacking in the past, which might result in bad website reputation among consumers belonging to your specific target audience.
So, how do you check if a site has been hacked in the past or if it was on any blacklist during its lifetime?
Check Preventive Security Measures First
If a website lacks the preventive security required to run a healthy web property, it might become an easy target for random and targeted hacking attacks. For example, good privacy and security practice is to access a website’s administrative panel using an encrypted connection. Check if the current website owner is using a virtual private network (VPN) to access and manage the website, for instance.
If not, consider adopting a VPN solution right after you purchase the site. Reliable VPN services such as NordVPN or VPNBrains are adding an extra layer of protection to any website you manage remotely but it is a good idea to check an unbiased review first.
Other tools you should be looking for in an existing site include plugins that regularly scan for malware and vulnerabilities as well as tools that tell you about pending updates and patches for the theme in use. It's important for users to be aware of these potential threats and to implement measures to safeguard their data and systems. This involves utilizing strong passwords, consistently updating their software, and using antivirus and firewall protection.
Check for Existing Malware
Another best practice is to scan the entire website you intend to purchase for existing malware. Plenty of online and standalone scanners can do the job but with varying success. Hence, run at least a few different scans using malware detecting tools by different vendors because no single security app is able to detect all malicious code.
Pay special attention to .htaccess files, .PHP files and media files because these are common vectors for attack. Look carefully for changes in any of the core configuration files as well as any redirections or traffic coming from unexpected regions. These are signs the website was hacked in the past and still runs a sort of malicious code.
WordPress and Joomla Sites Are Hacked Most
It really matters what CMS the site you want to purchase is using. Recent cybersecurity reports put the number of websites hacked daily at around 90,000 compromised website every single day. Over 80 percent of hacked websites are running on WordPress and close to 90% are using either WordPress or Joomla as their content management system.
So, get to know which platform the site is using and also check if they are running the latest versions of the underlying platform. An overwhelming majority of successful hacks are due to outdated versions of WordPress, Joomla or another CMS that powers the website as well as outdated plugins, add-ons or website themes.
Finding Compromised Administrator and User Accounts
Finding whether a website has some active compromised accounts is of utmost importance. Email is the single most used attack vector to gain access to login credentials to platforms of any kind, website administrator and user passwords including. A single compromised user account would allow bad actors to log into a website and install malicious code, sometimes even without the need to have elevated administrator privileges.
The good news is that there are few reliable online tools that allow you to check for hacked email accounts. “Have I Been Pwned” runs one of the most popular services for finding hacked emails and respectively hacked login credentials. There you can enter a valid email address and get a response if the account was breached, on which service and when. For instance, you can enter a website administrator’s email he/she is using for accessing the site and you’ll get info whether this email was ever breached in the past. A similar service runs on “PwnedList” but they do not provide info on the specific service where the hack is occurring.
Checking All Past Hacks
Online security tools as the ones cited above also maintain huge lists of all past data breaches and hacks that affect millions of accounts on numerous platforms. You should be aware that an attacker may use a compromised account that does not belong directly to a member section of a website to penetrate it. So, you will do yourself a favour by comparing your database of users against the full database of accounts hacked in the past.
A good proactive practice is to subscribe for alerts concerning a set of email addresses that these tools are able to monitor for future breaches. Sure, you sacrifice some of your privacy by revealing your user base to a third party but in exchange, you get notifications on any account hacks that may result in someone penetrating your website. Actually, by using such a service you can monitor for hacks all the accounts on any domain you own.
Concluding Words
As you can see, purchasing an old site may bring unwanted “extras” such as malicious code running inside the pages or compromised accounts enabling hackers to perform unwanted actions.
Thus, checking for hacked accounts and previous website hacks is mandatory. In fact, the history of website hack attempts and successful hacks speaks volumes about the specific domain you want to purchase. Pay special attention to repeated targeted attacks as they indicate this web address is of specific interest to someone with malicious intentions.
In any case, introduce pro-active security policy after you buy the website, including VPN connections, enforcing strong and unique passwords, regular scans for malicious code and regular checks for compromised domain accounts.