It’s funny: you never think about it until it’s far too late. I get called at odd hours by panicked clients saying “Something’s wrong with my website” or, worse, “Help, my site’s been hacked!” These are the words you really don’t want to hear late on a Friday afternoon, or when you’re in the middle of a big project.
Let’s face it, having your site hacked is really no fun, no fun at all. So why not take a moment to prevent your site from being hacked? If you haven’t got the time, employ someone who does, or get a staff member upskilled so you can do it in-house. At the end of the day, if a few hours’ work prevents the pain, it’s well worth it.
Why did my site get hacked?
The good news is it’s probably not personal. Then again, if you’ve just finished suing your old web designer it might be (I had a client who was in that position). Most likely it was simply because it was there. You might not be aware of just how much hacking there is; for a little perspective, try reading this: the internet of things has been hacked, where bots (web robots) were used to send a bucketload of spam emails. The likelihood that your site’s been hijacked to send spam is pretty high.
CMSs (WordPress, Joomla or Drupal) have exploits, and most modern sites use one of these three open source CMSs. I recommend them; most digital systems have exploits, and nothing is “uncrackable” or “unhackable”. I’m going to offer some simple tips to make sure your site stays online and as clean as possible: no voodoo, just simple common sense. All of these things are industry “best practice”.
5 steps to care and maintenance
- Make a backup – A simple backup plugin should at the very least send you a zipped-up file of your site. I recommend this is done automatically on a schedule. If your whole site gets demolished, you have a copy.
- Stay updated – As fast as an exploit is found, you can bet there’s a bunch of people working in the open source coding industry to try and fix it. Often updating is as simple as clicking a button. Make sure you have a backup before you update, just in case something goes terribly, terribly wrong.
- Strong passwords – I know they are a hassle, but most sites get hacked by what’s called a “brute force attack”. Though it sounds like someone beating up your server with a baseball bat, what that really means is that a bot is attempting to get into your login. A bot will try user names and passwords over and over again until it gets in. So it’s obvious it’s going to try admin and test1234; these are not strong passwords. I’ve also seen bots scrape the content from a site and use that to try to get into the site; they get smarter every year. Use a capital letter or three and some numbers and/or special characters like %*^, or alternatively a really long nonsensical phrase (see xkcd for an explanation and a laugh).
- Lock the windows – Forms are often windows into a site; you may have many or none. Most of us have at least a simple contact-us form. WordPress has a comment system, and every comment is sent via a form. If it’s not necessary, why even leave that open to spam and other risks? I use a simple plugin called Disable Comments, which saves me the hassle of having to clear out spam comments.
- Security plugins – If you’re really worried, install a security plugin. There are heaps out there and for the most part they are pretty good. Some will send you a notification of every attempt to hack your site. Sounds good? No, within a day you’ll be swamped with emails. They are fascinating at first because of the amount of information you can see in them, but after a while it’s just a bit too much.
Others will automatically deny bots they think are malicious. However, I had one that blocked out Google and I was not impressed.
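To make the brute force and notification points concrete, here is an added example (not from the original post or from any plugin) that reads web server access log lines and produces one digest of IPs hammering the WordPress login, instead of one email per attempt. It assumes the common "combined" log format and that a failed WordPress login returns status 200 while a successful one redirects with 302; the sample log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, time, method, path, status), or None if the line doesn't match."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def brute_force_digest(lines, threshold=5, window=timedelta(minutes=10)):
    """Map each IP with >= threshold failed logins inside one window to its total failures."""
    failures = defaultdict(list)
    for ip, when, method, path, status in filter(None, map(parse, lines)):
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == 200:
            failures[ip].append(when)
    digest = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                digest[ip] = len(times)
                break
    return digest

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = [
    f'203.0.113.7 - - [12/Jan/2024:03:14:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "bot"'
    for s in range(0, 48, 6)  # 8 failed attempts in under a minute
] + [
    # A person who mistyped once, then logged in successfully.
    '198.51.100.20 - - [12/Jan/2024:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Jan/2024:09:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [12/Jan/2024:09:05:00 +0000] "GET /contact/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'garbled line that should be skipped',
]

if __name__ == "__main__":
    for ip, count in brute_force_digest(SAMPLE).items():
        print(f"{ip}: {count} failed logins - possible brute force")
```

The threshold keeps a single mistyped password from raising an alert, and reviewing the digest before blocking anything avoids locking out a legitimate crawler.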
I hope this information was helpful. Go forth and maintain your site! But if you’re too scared, or you simply don’t have time, feel free to ask for a website maintenance and tune-up.