Easy ways to avoid getting hacked
If you have a website then the thought of getting hacked should scare you. Hacked sites are increasingly in the news and in the past couple of years there have been major security breaches at huge sites including Sony, Adobe, even the European Central Bank. You may think it unlikely that a hacker would go after your site when more lucrative targets are likely to lead to greater rewards. But many attacks on websites are completely automated so the attacker doesn’t necessarily know anything about you. David Emm, Senior Security Researcher at Kaspersky Lab explained to The Guardian that many people use the same password for multiple websites so hacking your site could lead to very valuable information.
So how do you fancy making your website a little more secure? We’re going to look at various things you can do to protect yourself against getting hacked. Some of these are very easy to implement and cost nothing, other techniques will require the help of a web developer and may cost a little money, but probably a lot less than it’ll cost if you have to pay a security expert to clean up your site after getting hacked. In the following post I’ll talk about securing your PCs, using strong passwords, making your website tougher to hack and the importance of keeping backups.
The information here is written with WordPress in mind but much of the advice holds true whatever system your website is built on. By spending a little time now you may well be able to avoid getting hacked.
Use a strong password
A really easy way to avoid getting hacked is to use strong passwords. A massive number of websites are ‘hacked’ simply because their owners fail to do this. After adobe was hacked in 2013 the hackers released a list of the top 100 most common passwords along with the number of people using each. At the top of the chart was ‘123456’ which was the password of choice for almost two million people. Second place was ‘123456789’ and third place was taken by ‘password’. Make sure you use a different strong password for every site you use. I’ve written a quick guide to using strong passwords to help you do this.
Security starts at home
Another major reason for websites getting hacked is getting a virus or key logger on your PC. Keylogging, also called keyboard capturing, is the process of covertly recording everything you type on your PC in order to gain copies of usernames and passwords. If this happens it won’t matter how secure your password is. Make sure you have current, up to date virus software installed on your office computers and anywhere else you may log into your website from like your home PC.
Change the defaults
When WordPress is first installed it now gives a choice of default username but in the past all new sites were created with the username ‘admin’. This should be changed as failing to do so means that a hacker already has half the information they need to gain access to your site. Sadly WordPress still won’t let you change your username as standard but this can be done with the use of the excellent, and free, iThemes Security plugin. This plugin can also help you change many other defaults such as the way database tables are named and the location of your login screen which further secures your website. There’s also a pro version of the plugin which enables features like two-factor authentication which requires you to enter a passcode that’s sent to your mobile phone when you log in.
Keep everything up to date
An important, and simple, way to keep things secure is to make sure WordPress and any plugins you have installed are all running the latest versions. Every WordPress update comes with the latest security upgrades meaning that they’re always worth installing even if there are no new ‘features’ included. This is as easy as logging into your WordPress dashboard and clicking the Updates tab on the left of the screen.
Keep regular backups
If the worst should happen and your site does get hacked you’ll save yourself a lot of hassle if you’ve been keeping regular backups. This is a service we now offer to all our clients as we feel it’s really important. If you’d like to get things setup yourself there’s another iThemes plugin worth looking at called BackupBuddy. Backups can be sent a selection of locations including Dropbox, Amazon Web Services, an FTP site or even an email address.
Encrypt your site with an SSL certificate
Having an SSL certificate for your website means that all traffic between your website and your users will get encrypted. You may not have considered this option if you’re not running an e-commerce site but with Google’s recent announcement that they are starting to use SSL certificates as a measure of quality in search engine listings could mean that the time is right to look into SSL. Setting up an SSL cert could be as simple as asking your hosting company to set one up, or it may be more complicated depending on how your site is configured. Certificates range in price from around £10 to hundreds of pounds. One reason for this is the fact that some certificates come with warrantees against financial loss, which is important for e-commerce sites. If you feel SSL might be a good idea for your site you should have a word with your web designer who should be able to help you out.
Unfortunately there’s nothing you can ever do to make your website 100% secure, but by following the tips here you can make your site much safer from hackers.
If this has been useful for you why not sign up to our free email newsletter to get helpful advice delivered direct to your inbox.