126-year old fashion magazine Vogue’s website was defaced a few years ago which resulted in its home page being dotted with dinosaurs sporting fancy hats. While it might sound funny, it caused serious embarrassment for the fashion behemoth. Link: https://www.grahamcluley.com/vogue-website-dinosaur-hack/. So let’s get started on How to secure your site from website defacement.

09 Jul 2022

What is website defacement?

Unauthorized attacks on a few web pages or your entire website where hackers ‘deface’ it by altering content, inserting code, changing the structure, images, etc, is called website defacement. A defaced web page can create a severe dent on your reputation. A typical defaced website’s home page would be filled with threatening and dark messages, heavy usage of black and white images, bold letters and believe it or not, a Call-to-Action button which will direct you to pay a ransom. Don’t get caught napping in the middle of it! Perform regular website security audits to steer away from danger.

How does defacement occur?

When your website is defaced, it will result in you losing traffic, revenue lowers page ranking and makes your credibility come crashing down. This is achieved through a simple process called SQL injection, a code injection technique wherein the hackers get admin access to the website.

The other methods are obtaining credentials through FTP and targeting websites that have vulnerable themes and plugins. When the hacker gains access to the admin’s login, it is easy to display any message or make any changes on the website.

While it is mainly used as a part of activism to attack political and religious websites, the other end of this spectrum is filled with hackers who are out to make a quick buck taking advantage of your website’s vulnerability. Corporate websites, public institutions and popular businesses are some of the victims too.

Use these 6 tips to stay away from the wrath of defacement

Defend your site against SQL injection attacks

This type of attack involves using SQL statements that are inserted into data entry fields thereby affecting the execution of SQL statements that were predefined. When hackers modify the pre-written SQL statement, they can change existing data, extract data from the entire database or even destroy the data. The data hacked can be misused in any way which is dangerous for your business.

Use website defacement monitoring tools

Web attacks don’t give you any time to recuperate or even react. It happens suddenly and you will be scrambling to mitigate the destruction done so far. Therefore, it is pivotal that you follow a bunch of best practices so that your business does not become a victim of defacement. Take your website immediately offline after a defacement attack. The hackers might have gained access to your database, servers and other applications.

You need to conduct a detailed website security audit with your technology team to gauge the extent of the damage. As a business that has let down its customers with a vulnerable website, it is your duty to use the services of your Communications and PR team to issue an apology through all channels.

Website Security Testing

Do remember that hackers are always trying to find a way to attack your website and there are a lot of methods that they employ to achieve it. Any time they see a vulnerability, be assured that they will jump on it. Using penetration testing and regular website security testing will be helpful in assessing the strength of your IT systems.

Defend against XSS attacks

XSS attack is also called as Cross-Site Scripting where hackers pass scripting code into a web form to run random unauthorized code on the website. Such an act allows hackers to embed scripts into the webpage that can perform actions that can deface your website by changing the site’s appearance, stealing cookie sessions of users, adding irrelevant images, including adding disturbing content, etc.

To prevent XSS attacks, you should prevent the hacker from injecting code through web forms. Another disturbing aspect of XSS attack is stealing cookies of users. The script injected causes the browser to send all the cookies of every visitor that has accessed your website to the hackers. This can even help the hackers get the credentials of your users.

Limit access to files

One of the most common methods through which hackers gain access to your website is through file uploads. Even if you have a thorough system in place to check file uploads, hackers can still get inside and access your database. The only solution to prevent such cases is to limit access to files. Ratify the users who can access the uploaded files. Get the help of your webmaster to store the files outside the root directory and enable access only via the usage of scripts and not through forms.

Tighten your network security

Once you are part of a big organization, you take for granted certain things like keeping a tight leash on security because you assume you are safe. Even if the lax occurs, here are some strict instructions that you can pass on to the entire organization:

  • Change passwords frequently
  • Logins will expire after a period of inactivity
  • Do not write passwords down
  • Do not authorize access to anyone from outside the organization
  • Any external device plugged into the network should be checked for malware
  • No sharing of passwords with guests. Create temporary passwords for them.

5 steps to take if your website is defaced

  • If the website is maintained by a 3 rd party, inform the webmaster immediately to take necessary steps
  • Reset all the passwords for administrator accounts, hosting and domain accounts. Ensure that you use strong passwords
  • Shut down your website and go on an investigative mode
  • Remove any links or content created by the hacker
  • Note down every change made by the hackers so that you can help yourself in the future


Think of Website defacement as a disease that can be prevented if you take specific steps. Type-2 diabetes is preventable if you take care of yourself with the right diet and exercise. If you don’t do either of these things and end up with this lifestyle condition, you need to control it, otherwise, it can prove fatal. That’s the same with website defacement. It’s a disease that is preventable. You lose your website’s information, reputation, money, time and the trust of your users.

Apart from backing up your data, you can enlist the services of a website defacement monitoring tool that has proven results in this area. If you are determined to keep hackers away, get on a discovery call with the 365andUP team.

Related Blogs
Read our most current COVID-19 update HERE.