How much it costs to be hacked

Replace or repair

cost: starting at $300 but could go over $10,000

If your site or your entire server gets hacked, there are two possible outcomes — replace or repair.

Replace can mean two different things, however. It can mean replacing the hacked site with a backup, but if you don’t have a security plan in place, replace can mean replacing your entire website with a new one.
Because if the hackers did a bang-up job + ruined everything on your account, including your site, your content + your graphics, you will have to replace it all.
Things would likely go faster the second time around, but if it’s been a minute since you built up your website, this simple equation can give you a rough value for the site you’re replacing. Take the amount of time you spent on your site + multiply it by your hourly rate. If you didn’t DIY your WordPress site, factor in your time then add the cost of having someone else design + build it for you.

{hours invested} x {hourly rate} + {investment} = value of your site

This site value can vary incredibly, but to put some numbers to the option, imagine you spent 25 hours writing content, gathering images, planning posts + prepping your website. If your hourly rate is $65, that equals $1,625. If you add in a $500 retainer you purchased for help with the setup, that’s a quick $2,125 that you’re out.
On the more positive side, some hackers edit files or inject code that causes issues for site visitors + site owners. Usually this type of hack is something that can be repaired without a total overhaul.
For these repair situations, we typically spend 4-6 hours on minor hacks + over 10 hours for a bigger breach of security. The average hourly rate for a WordPress developer runs between $75 + $150, so your repair cost would easily be $550 or more!
But the cost of being hacked doesn’t end there.

Lost income

cost: as low as $100 or into the thousands
Whether you need to replace or repair your WordPress site, you are going to deal with lost income while it’s down.
The reality is that customers will notice your hacked site — through viagra ads listed within your latest blog post, google flagging your site has hacked in a search, or downloads that happen any time they click a link. And the customers that see your hacked site are not likely to buy or enter their personal information (like an email address for your opt-in form).
While you can hope these customers come back to you down the road, there’s a high chance they won’t. Second impressions are hard to get, especially when it comes to safety + security.

If your site isn’t repairable, each day that the replacement takes to get together is a day you are losing income.

If you catch that your site is hacked, the best thing you can do is put up a temporary splash page to protect your reputation + your customers. This won’t save your site from a hacked label in google search results, but it’s a start.
The best way to put a number to the cost of lost income is by multiplying your average daily income via the site by the number of days it is affected. That may require you to take your digital product daily sales average times the number of days your site had a virus or spam content on it. Or divide your monthly revenue by the number of days you work in a month, then multiply that by the number of days you weren’t able to use your site.
Keep in mind that even if your site isn’t visibly affected by the crappy code, you are spending your time dealing with the issue instead of focused on your customers + fans. Even if you’re losing only an hour a day to this nightmare, that is still time that you take away from your ability to make money.

Search engine blacklist cleanup

cost: starting at $100
I already mentioned the cost to clean up your site, but what about cleaning up your reputation?
When your site shows up on google with the phrase “this site may be hacked” right below your company name, simply removing the crappy code isn’t going to make that label go away.

what a hacked site will cost your business // tiny blue orange
names changed to protect the unprotected

In fact, the process to remove the label next to your business name can take up to two weeks! That’s at least two weeks of potential visitors + potential clients being scared away by the chance of their computer getting a virus from your site.
At the bare minimum, a request can be made to google after your code is 100% clean of issues. But if there were bigger things to deal with in the code clean up, you may need an SEO expert to help undo the damage done to your website’s reputation.

Security game plan

assuming the lowest possible costs above, the total sits at $500.
Hiring someone to fix your hacked site could easily set you back over $1,000 in the blink of an eye.
Add to that the headaches + stress of dealing with a hacked site to quickly realize that coming up with a game plan is worth a little bit of money + effort. Here’s where the good news comes in, we have 3 options to help you avoid being hacked —

  1. Take our free security quiz to assess the biggest issues on your site + deliver the exact steps you need to follow to fix those problems
  2. Grab a copy of the WordPress security guide for $25 to help you devise your security plan to protect your business immediately
  3. If you want peace of mind without taking your attention away from what you love doing, host with tiny blue orange + enjoy our guarantee that if your site is ever hacked, it will be fixed for free

Whatever option works best for your business will still save you hundreds — if not thousands — of dollars in the end. So take care of your business + client’s security asap, not when it’s too late.

on your keyboard hit enter to search or esc to close