Website security

Why Protect Websites Before Winter Holidays?

Updated: December 8, 2020 by Agnes Talalaev

There is a worst possible time to suffer an attack or data breach and it’s Christmas.

Not only because it’s a time spent with family and friends, vacationing and drinking hot chocolate in front of a fireplace. There’s also usually a lot of time away from work and your computer.

secure websites before christmas website security webarx
Photo by Eugene Zhyvchik on Unsplash

So what better time for a hacker to compromise your website than at Christmas?

For an e-commerce site, Christmas is usually the highest-selling time of the year and a hack is going to severely affect the sales. As a result, there’s a high chance, if you are not protected, to instantly lose all your Christmas sales.

For office workers, Christmas is a time when offices will go half-empty and employees are using up their remaining annual leave days. Those who are left will think more about what magical gifts to buy for their loved ones or where they are gonna find the ugliest sweater.

This is the time when a hacking attempt can catch a company totally off-guard and can bring a lot of trouble.

secure websites before christmas website security webarx

The good news is that you can give yourself peace of mind when leaving work to spend a cozy festive time with your family. For this reason, eliminating the risks beforehand can make your time away 10 times more calm and happy.

What are the biggest challenges for freelancers and digital agencies in 2020? Read the Website Security Survey Report 2020 to find out.

What do statistics say: Is Christmas really a holiday for hackers?

An answer to that question is best asked by hackers themselves. A survey made among the participants of the Defcon conference stated the following.

About 81% of the hackers said that most often their hacks happen during the winter holidays.


6% of the hackers say that Christmas is the best time to tackle a corporate network, while 25% think New Year’s Eve is best.


Speculating on the fact that hackers are more active during the winter season and winter holidays can mean that there are more active hackers in the northern hemisphere than in the southern hemisphere.

protect website
Photo by Sarah Vilardo on Unsplash

No one likes staying outside for a long time when it’s really cold, right.

Shopping Christmas presents online: What should I know?

In addition to hackers being more active, shoppers are as well. It all starts with Black Friday and Cyber Monday sales, where the early birds try to get the presents with really good prices. 

So it makes hackers work as well as trying to invent all kinds of different campaigns and ways to scam the unsuspecting ones. 

Several surveys made with people in the U.K., France, Germany, Spain, Australia, India, and Singapore stated that they had fallen victim to fake charity scams in 2019. 

Many people are exceptionally giving holidays by making donations. Cybercriminals know that as well as they pose as a charity online and collect financial data and money from unsuspecting users.

It’s not only the charity, but it’s also shopping online overall. 

protect website
Photo by Heidi Fin on Unsplash

For example, in 2016 ThreatMetrix predicted that there will be about 50 million online attacks during the week of Black Friday and Cyber Monday. What they actually saw was that there were more than 130 million attacks over the 90 day period that led to Christmas and New Year.

It strongly indicated that the final quarter of the year that leads up to Christmas and New Year sees the most attacks than other quarters of the year. So many reasons to protect websites, right.

What happens when your company is not protected?

This sounds like it concerns the consumer, but the actual loser here is a company that does not have it’s security measures in place.

The Ponemon Institute’s study showed that cyber-attacks on Black Friday and Cyber Monday could generate losses of up to $500,000 an hour for retail shops.

It’s not only the revenue loss, but it’s also the reputation loss, brand damage, and data breach. The loss can rise up to $4 million and you’ve heard about GDPR, right? 

Start protecting your websites from vulnerabilities

Get WebARX now
Google Blacklist

The study also showed that 64% of organizations saw the attacks getting more and more frequent when Christmas time arrived. The spikes were up to 64%. 

This data is a few years old and today the cyberattacks have grown exponentially, which means, the numbers have changed. Let’s just hope that more and more companies understand the need for security and how important it is to protect their websites and the data it holds.

How to prepare: 6 tips on how to stay safe during holidays

Now is the time to cover all the important tasks you need to do before leaving for the holidays. Securing your website, updating your software and more. Let’s dig in. 


Yes, in every blog post you read about how to improve your website of web application security, it will almost always include updates. But why?

Protecting the endpoint is the most important part. Hackers are keeping a close eye on security flaws and looking for possible vulnerabilities daily. These can be in popular web software and will aggressively target them once found.

protect website
Photo by Atanas Tsvetkov on Unsplash

When talking about CMS security then what makes it worrisome is that 98% of WordPress vulnerabilities are related to plugins. And usually, the plugins that are outdated are the ones being targeted.

Plugin vulnerabilities are best to secure by using a firewall that can receive virtual patches. When having virtual patches enabled on your firewall, a security team behind it can send your firewall security rules or patches of newly discovered vulnerabilities.


If possible keep the backups off-site, always. It’s never a good idea to keep your backups on the site itself.

The second suggestion for backups is that the best option is to choose the backup that is managed by your hosting provider.

You can read more about that in our blog post: Backup Plugin VS Hosting Level Backup: Which One’s Best?

Protect websites with a managed firewall

Before leaving for the holidays, make sure you protect websites with a proper web application firewall that can receive automatic updates or virtual patches. 

Why is that important?

It’s important because when you are away from your computer, spending jolly time with your family, hackers are actively trying to attack vulnerable software. This is where a proper layer of security comes very handy.

secure websites before christmas website security webarx
Photo by bruce mars on Unsplash

Read more about what a web application firewall is here

Access management

First the basics of access management:

  • Don’t leave your passwords hanging on a post-it in your office.
  • Set up 2FA wherever you can.
  • Revoke access to old accounts.

So about the post-its. Nobody likes passwords and nobody likes to generate new passwords and nobody likes to remember all their passwords. That’s the reason we use password management tools. Life just makes so much more sense after starting to use one.

Just some examples to try KeePass, LastPass or PassCamp.

And let’s not stop there, in addition to strong passwords enable two-factor authentication (2FA) on all your important accounts, especially on your website.

Read how to add 2FA to your website here

Have an incident response plan

So what is a response plan? It’s a plan to follow when things get really bad. By real bad, we mean for example that your e-commerce site is hacked and defaced with political propaganda. In addition to that, Google has reported the site malicious and has put your site on a blacklist.

It means no sales. No organic traffic. No traffic at all. And to top it off, there are hacker messages all over your front page. 

secure websites before christmas website security webarx
Photo by Issy Bailey on Unsplash

Absolute mayhem.

This is where the incident response plan comes in very handy. Who would you contact in that case? 

PS! There is a website malware removal guarantee feature, which is for situations like that. You can read more about the guarantee from here. 

Conclusion – Protect websites before Christmas

Christmas is a season to be jolly, but also a season to be aware of cybercrime.

As said, the worst possible time to suffer an attack or data breach is Christmas. 

So this Christmas be smarter and one step ahead. Protect and update your websites, make a backup and have a firewall and incident response plan in place.

This will help you to go and spend the holidays with your family without worrying.

Website security

Start your free 7-day trial now

Protect your websites from malicious traffic - set-up in under 3 minutes.

Try it now

WebARX is compatible with the following platforms: