StopTheHacker: A Website Security Company That Doesn’t Care About Security

There are many companies providing hack/malware cleanup services for websites that are based around detecting that a website has been compromised. This isn’t really necessary, as a properly secured website is very unlikely to be compromised. Unfortunately, from what we have seen of these services, when they do a cleanup they don’t actually determine how the website was hacked in the first place, fix that issue, and make sure the website is otherwise secured (including updating any software running on the website). Doing those things is fundamental to a proper cleanup, and the website will remain vulnerable if they are not done.

Too often we have clients who come to us after having hired one of these services and had their website continue to be hacked. The client ends up paying to have the website cleaned up twice (or more) and suffering additional costs related to the continued issue with their website instead of having it fixed the first time.

Our experience has also been that these services are not good at actually detecting hacks, so your website is not only left vulnerable to being hacked again, but you may not even get alerted that it has been hacked again. Quickly detecting that a website has been hacked, instead of preventing it from being hacked, is also of little use in some instances. For example, if your website is hacked and your customers’ information is compromised, then no matter how quickly afterwards it gets detected, the damage has already been done and the information is in the hands of the hacker.

This brings us to StopTheHacker, which, based on their name, you would assume would be focused on actually protecting websites from hackers. Unfortunately for their customers, that isn’t the case. If you look at the features of their service, they are mainly focused on detecting that a website has already been hacked instead of making it secure in the first place. That would be bad on its own, but if you are using our Meta Generator Version Check extension, which is available for Chrome and Firefox, and you visit their website, you will find something even more surprising:

StopTheHacker is Running WordPress 3.4.2

That’s right, a website security company is failing to take the basic security measure of keeping the software running their website up to date, which in the case of WordPress is very easy to do. Not only has StopTheHacker failed to update WordPress for over six months, but they failed to update when a security release was put out back in January.
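For checking your own websites the same way, here is an added example (not the extension's code and not from the original post) that reads the meta generator tag from a page's HTML and compares the reported version against a baseline you supply. The names `audit` and `SAMPLE_HTML`, the sample markup, and the baseline value are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

class GeneratorParser(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lowercased
        if a.get("name", "").strip().lower() == "generator" and a.get("content"):
            self.generators.append(a["content"].strip())

def parse_version(text):
    """'3.4.2' -> (3, 4, 2). Numeric compare, so 3.10 > 3.9 and 3.5.0 == 3.5."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def audit(html, minimums):
    """Return (software, version, status) for each generator tag in html.

    minimums maps a lowercase software name to the oldest acceptable version.
    """
    parser = GeneratorParser()
    parser.feed(html)
    results = []
    for content in parser.generators:
        m = re.search(r"\d+(?:\.\d+)*", content)
        name = (content[:m.start()] if m else content).strip()
        baseline = minimums.get(name.lower())
        if m is None or baseline is None:
            status = "unknown"      # no version shown, or no baseline supplied
        elif parse_version(m.group()) < parse_version(baseline):
            status = "outdated"
        else:
            status = "current"
        results.append((name, m.group() if m else None, status))
    return results

# Constructed sample markup; the baseline below is a made-up value for the demo.
SAMPLE_HTML = """<html><head>
<META NAME="Generator" CONTENT="WordPress 3.4.2" />
<meta name="generator" content="ExampleCMS">
<meta name="description" content="version 9.9 of nothing">
</head></html>"""

if __name__ == "__main__":
    for row in audit(SAMPLE_HTML, {"wordpress": "3.5"}):
        print(row)
```

The generator tag can be removed or altered, so an empty or "current" result is not proof that the software behind a site is up to date.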

If StopTheHacker actually did the “Vulnerability Assessments” they claim to do as part of their service, they would be aware that their own website is insecure. Or maybe they don’t use their own service? That would say a lot about what they think of it, wouldn’t it?

A company shouldn’t have anything to do with website security if they don’t care about the security of their own website, as StopTheHacker clearly does not, so we strongly recommend you avoid StopTheHacker and focus on doing the things that will actually protect your website instead of using services like theirs that will leave your website insecure.