Preventing and Preparing for a Website Hack
Posted on 03/31/2017 at 08:00 AM
Did you know that in 2016, there was a 32% increase in the number of hacked websites from 2015? It’s no wonder internet security has become such a hot topic. While hackers have become more aggressive, website administrators are also to blame, as many are guilty of neglecting security measures, leaving themselves wide open to vulnerabilities.
Additionally, popular “free” or inexpensive open source platforms like WordPress, leave vulnerabilities of their own. In fact, in just February, news broke about a critical zero-day flaw in WordPress that essentially allowed hackers to exploit millions of WordPress websites.
So how can you protect your website? And how can you better prepare yourself in the unfortunate event that you are hacked? Read on.
Purchase an SSL
Essentially, an SSL certificate will make sure your website is encrypted using a secure HTTPS protocol. Doing so helps assure that no one (hackers, we are looking at you!) can capture information or alter the content on your website.
While encryption is already necessary if your website is being used to collect highly sensitive information like credit card info or social security numbers, the rise in hackings has contributed to a huge move to encrypt everything on the web.
Use Strong Passwords
We get it. Even the easiest passwords are hard to remember, especially when our lives seem to be saturated with them. It’s easy to understand the temptation to always use the same, easy password, the same one you use for your Facebook or Instagram account. Trust us. This is a terrible idea. Hackers are counting on you to make this mistake.
There are all sorts of tools you can use to generate completely random, secure passwords that are nearly impossible to crack. Try this one: https://identitysafe.norton.com/password-generator/#
Change Your Passwords Regularly
We know. First, we ask you to create and memorize a completely random, hard to remember password, and now we are telling you to change it on a regular basis. But being proactive in this way will make it even more difficult for hackers to crack your password.
Limit File Uploads
If you let your users upload files to your website, do so with caution. This practice can open up a loophole to hackers who may leverage this functionality to upload an executable file in an effort to gain access to your website. To prevent this misuse of file uploads, do not allow users direct access to the files they upload and store them in a location completely separate from the root directory. Additionally, change the permissions associated with any files uploaded to thwart users who try to execute them.
Backup your Website
When you’ve been hacked, quick recovery is crucial. That’s why it’s important to have regularly scheduled backups performed of your website. Doing so puts you in a better position in the unfortunate event that your website is hacked because it allows you to quickly restore your website to a previous version.
Verify your Website with Google Search Console
Google Search Console is a great tool that a lot of website administrators aren’t taking advantage of. As far as security goes, one reason you should be motivated to verify your website with Google Search Console is that it can warn webmasters if a hack is detected, and additionally, it can provide suggestions for fixing the hack. Catching it early will help you do damage control. Search Console is an incredibly valuable service that Google offers free of charge, so make good use of it.
Invest in a Secure Content Management System
The cost of creating a website in an open source platform like WordPress can be next to nothing, but always remember; you get what you pay for! A closed source content management system, like Global Reach’s proprietary system, SiteViz, will be far more secure, even if it is more costly. You can’t put a price on peace of mind, and as a responsible business owner, you need to make sure you are not leaving your website or any information it could be collecting about you or your customers, vulnerable to hackers.
When it comes to stopping hackers, there are no guarantees and no silver bullets. Security is a big job, and everyone must do their part to achieve it. At Global Reach, we follow industry trends and security reports. We employ firewalls and intrusion prevention systems to help protect customers. We never stop monitoring and auditing systems, aligning our security as necessary, to ensure we don't become vulnerable to new threats as they emerge. Still, even with extensive security measures firmly in place, something as simple as a strong password can be key in stopping a hack on your website.
If you need help or have any questions about how to start a website with SiteViz, contact us today!
Categories: Safety and Security