Eight Steps to protect your website from hackers
Did you know that on average 30,000 new websites are identified every day (source Sophos Labs) distributing malicious code. Most people have this idea that viruses are distributed from adult sites, gambling, downloading sites, and other forms of vice but the reality is that the majority of these sites are legitimate small businesses that are unknowingly and unwittingly distributing the malicious code for cyber criminals. You might just be one of them.
Another misconception is that cyber criminals only go after large enterprises or government organisations. Unfortunately, cyber criminals do not discriminate, they will hack and hackable site. They have automated scanning tools constantly scouring the web looking for vulnerable websites they can infect with their malicious code.
This is how it works
They break into innocent websites and use them to infect the sites visitors with malware, lure them to dodgy sites, and infiltrate your databases to grab sensitive customer information. Luckily there are a few steps you can take to help you avoid dealing with this nightmare.
Small businesses are especially vulnerable to hacking because they usually lack the technology expertise and site security that larger companies can employ. They also suffer more in the long run if their lack of expertise slows or prevents repairs and their ability to get back to work. Business owners can lose significant online traffic, leads, and sales if their site lands on the dreaded blacklists operated by Google and other search engines.
"A lot of people will have to tangle with [a hack] at some point in time," laments Maxim Weinstein, executive director of StopBadware. His advice for small companies? "Secure everything."
Here's how to get started
Step 1: Scan And Block Attempts
Anti-virus software and firewalls are commonly used on personal and business computers, so why not your website? Your site is a target. Even more so if your running a popular CMS like Wordpress or Joomla. Some Cyber criminals simply try to hack your site because they can. This means you need active virus scanning and a firewall to block them before they even get in to your site.
Installing a security plugin and ensuring a firewall is installed on the host server is important. If you have a good host, some security measures may already be in place.
Step 2: Backup Everything Regularly
Backups might not sound like a way to hack proof your website, but having a back-up does two important things for you. First you can literally stop a Cyber criminal in their tracks. Just erase the entire hacked site and upload your back-up. Secondly it saves you enormous amounts of time should your site get hacked. Even the best programmers in the world may not be able to fix a badly hacked site but with a back-up you can erase the hacked site and upload the back-up. If you have a back-up, they don’t win. You do.
Step 4: Keep your software up to date
Cyber criminals aggressively target security flaws in popular Web software such as content management systems and blogging programs so they can attack websites more efficiently. By always using the latest versions of software and applying security patches promptly, you can avoid most Cyber criminals. It’s important to note here, that if your site is hacked and you clean it up, but do not fix the vulnerability, your site WILL get hacked again, and again, and again.
Outdated core WordPress software, themes and plugins are vulnerabilities that Cyber criminals love to exploit. In 2016, 78% of hacked sites were WordPress sites. Vulnerable plugins accounted for the majority of the points of entry. Always check for new updates and install them on a regular schedule and instal security updates immediately.
Step 5: Choose The Right Host
No matter how well you hack proof your website, a bad web host could still leave you vulnerable. Cheap web hosts sound great initially, but they don’t offer valuable features to keep your website more secure. Premium hosts cost more, but they offer features such as strong firewalls, server side security, and real-time site monitoring. They alert you immediately if there are any problems. The best hosts also block dangerous plugins and warn you if you’re running compromised plugins. I can not overstate the value of this kind of support.
If your looking for a recommendation on a good host I recommend Siteground. I use them for my own personal hosting as well as all my clients.
Step 6: Use strong passwords and keep them safe
Using strong passwords is crucial because Cyber criminals frequently attempt to crack or steal passwords for web software and FTP servers, which is where your website files are stored. Default, common or predictable passwords can be easily broken. While it can be difficult to keep track of many passwords, the likelihood of having your sites password be a target is high. I recommend using a secure password generator for ALL passwords.
Also make sure to protect your PCs from a virus infection since that can lead to the theft of site passwords that are stored on your computer.
Here are four things you can do to protect a WordPress site:
- Always change the Admin login
- Use strong passwords
- Hide your WordPress login URL (custom setups and plugins help with this)
- Add two-factor authentication (custom coding and plugins create this for you)
All of these methods help lock out Cyber criminals. If they can’t get in to your site, they can’t access your files or data.
Step 7: Register with Google's Webmaster Tools
Getting on Google's blacklist, which is used by the search site and the Chrome, Firefox and Safari browsers, can vastly reduce traffic to your site. By using Webmaster Tools, you will receive notifications of malware infections immediately, often before blacklisting occurs. The service also provides details about the precise problem Google is seeing. That can speed your site clean up tremendously and your return to Google's good side.
Step 8: Get expert help
Companies that are heavily dependent on their websites may want to hire a firm that provides alerts if they get on a blacklist, monitors for malicious activity, scans for security vulnerabilities, and helps with repairs after a hack. While these steps will help you prevent hacks, you will need to hire an expert should your site get hacked. Contact us if we can help you!