• Tips to Keep Your Website Safe from Hackers

    March 20, 2018 | Blog item
  • An ounce of prevention is worth a pound of cure, and this is especially true when it comes to website hacks. There is nothing worse for a small business owner than waking up to find out your company website has been taken over.

    You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not attempts to steal your data or deface your website, but attempts to use your server as an email relay for spam or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet or to mine for Bitcoins. You could even be hit by ransomware. Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software.

    There's no way to protect your site 100%, but there are steps you can take to help.

    Here are our top tips for the website builders (such as Wix, Weebly, Shopify, etc.) and content management systems (such as WordPress) that most small business owners use.

  • 1. Strong Passwords

    Your password is the key to unlocking your website, so make sure it's a good one! When you begin building a website, take the time to choose a password that'll be easy for you to remember, but tricky for others to guess. Avoid using your company's name as part of the password since that's easy to guess. A strong password should be at least 8 characters with letters and numbers, and try to include a mix of upper and lowercase letters. It's important to make it strong since it is very easy to use a password hacking program to discover what your password is, and some of them can crack it in less than 5 seconds.

    Also, don't use the same password for all of your online accounts. If you feel like you can't remember all your passwords, use a password tracking tool such as 1Password to track everything.

  • 2. Protect Your Devices (Computers, Tablets, Smartphones)

    Keep your important info safe by adding an unlock passcode to your personal devices, like your computer or mobile. Make sure to update your software when prompted and use a program to check for malware or viruses. Also, turn on the Firewall to keep your computer from showing up on networks. For Mac users, do this by going to your System Settings (Security & Privacy). In the Firewall Options, check the box to Enable Stealth Mode.

    Unfortunately, sometimes our devices can be misplaced or even stolen, and you don't want a stranger getting their hands on your goods. You can also look into applications that allow you to retrieve your data and then wipe the device clean remotely.

  • 3. Use Your Own Computer

    It is always preferable to use your own computer. This will reduce the likelihood of a virus affecting your work or an unknown person accessing your accounts. If you need to use a public computer, at the library or otherwise, always make sure to log out at the end of every session.

  • 4. Set up a 2-Step Verification Code

    Your email address and social media channels are vulnerable doorways to your most private information. Your email account often holds confidential conversations, important files, and your passwords or codes. This means that if it's compromised, someone can access everything inside and reset the passwords to all your other accounts, including your website. Setting up a 2-step verification code for your account will help protect you from this happening.

  • 5. Don't Go Phishing

    Phishing is when what appears to be a trusted source (for example, an email from a friend or a company you are in communication with) is actually an impostor posing as that person or company. They will ask you for personal information and passwords and then hack into your accounts. This can be frightening to think about, but it is important to just stay aware and alert. If you get a strange-looking message that seems a bit off from what you're used to – STOP. Don't trust it, and reach out to the sender directly another way (like a phone call) to check. It's always better to be safe than sorry.

  • 7. Create Backups

    You’ve heard a lot of talk about the importance of backing up your hard drive just in case something should happen to your computer. There are few things more painful than knowing that all of your precious files have been lost forever.

    The same holds true for websites. It seems like every day there is a new headline about the latest high-profile website crashing or getting hacked. Creating a regular backup that is stored in the cloud will enable you to quickly restore your site. If the site has been hacked, then in addition to restoring your site you'll need to look at changing your passwords and, if you're using WordPress, updating your software.

    Below I've listed some links on how to create a backup, or at the very least duplicate the content, on the more popular website builders.

    For WordPress sites, I recommend using a plugin called BackupBuddy or Duplicator. BackupBuddy automatically saves your backup to the cloud, but you could also manually go in, download your files using FTP and your database using phpMyAdmin, and then store them using Google Drive.

    With Joomla, I've read about Akeeba Backup, but again you can do a manual FTP download and use phpMyAdmin.

  • 8. Install an SSL certificate on your site

    This encrypts the data that you and your site's users transfer via the site, such as when submitting contact forms or using login pages. Otherwise, data is transferred like a postcard in the mail, meaning anyone who's looking can read it. Having SSL installed on your site allows you to log in securely (via https) while traveling. Many website builders already include this, and a number of hosts offer SSL for free.

    The bonus with using SSL is that it also helps your Google SEO rankings.

  • 9. Change the Login Name (WordPress Sites)

    The default WordPress login is “admin”, and most hackers know that and use bots to keep trying to crack the password. It's important to change this to something else that would be difficult to guess. For example, something like "bonnie18" or "gillan2" would be a good choice. The best thing to do is delete the default admin and create a new custom login.

  • 10. Consider Better Web Hosting (WordPress & Joomla)

    Certain hosting companies such as Bluehost, WP Engine and Hostgator have your back when it comes to security. They routinely do security scans and will clean your hacked site for free. You may still want to hire a professional like Jim Walker or Sucuri, though, to avoid a newbie hosting company employee “cleaning” your site and missing something, given that there is now a 30-day Google ban.

  • 11. Update, Update, Update - Keep themes, plugins, and core up to date (WordPress & Joomla)

    WordPress and Joomla offer you loads of functionality and, in my opinion, they are easier to rank for SEO than website builders. However, if you've set up a WordPress or Joomla site, or hired someone to design one for you, and you're managing the site, you must ensure you update! Leaving a site without updating it leaves it open to security risks, and this has happened to more than one of my previous clients. It's not enough to log in once a month or less to do updates. Exploits hit massive numbers of sites within days of being published.

    Also, don't use plugins and themes that are no longer maintained. If your plugin or theme hasn't been updated in a year or more, replace it right away. This can be a huge problem with themes. Many developers are fly-by-night and don't stick around more than a couple of years to support their theme.

  • 12. Run Security Software on your hosting and WordPress Site (WordPress)

    Running security software will help monitor and block attacks on your site, depending on what you use. Plus, if there's an issue, it will send you an email right away. Below is a range of products, some of which you can use together:

    • Sucuri Security
    • iThemes Security
    • Wordfence
    • SiteLock
    • Shield Wordfence Security
    • BulletProof Security
  • Ongoing monitoring of your site

    If you've built your own site and you're managing it yourself, it's very important to monitor it on a regular basis. And if you're trying to rank for SEO, Google likes updated content, so while you're there monitoring the site, create a blog post or add/change a bit of your site's content.

    For those of you who are WordPress users, there are a number of additional steps you can take to protect your files and .htaccess, which I'll look into blogging about later. It can get rather technical, and I wanted to give a basic overview of how to protect your site rather than have you look at some of the content and get that deer-in-headlights look I find many of my non-technical clients get when I start talking about WordPress.

    If you have any questions or want to get a website designed, please give I Luv Web a call. We would love to work with you.