Keeping your website safe from Hackers takes actual work. Long gone are the days of building a website, loading the files online, and then forgetting about them. The majority of websites today are built on some flavor of CMS “Content Management System” which includes systems like WordPress, Joomla, Drupal, and also includes traditional E-Commerce focused systems like Magento, Shopify, and Volusion.
Regardless of what technology is used to build your website, this set of common practices will help you keep the hackers out. Should the hackers get in, you will be well positioned to remedy the situation immediately.
- Run your website updates. The first line of defense is keeping your software updated. Ideally, you run all updates when they become available. Most business owners do not want to get this involved, so we recommend that you run your updates at a minimum of 1 time per month. Running them two times per months even better!
- Delete your “Admin” account. Probably the easiest fix and biggest faux pas people make is creating an admin account named “admin” or “Admin” or “Administrator.” Many systems will also pre-create this admin account for you. Do not, under any circumstance, leave these accounts. Delete them and create yourself a proper admin account with your personalized login name and highly secured password.
- Choose your Host wisely. Your choice of web host will have a direct impact on how secure your website is. Many web hosts will never update your hardware or operating system thereby leaving you running on severally outdated software. We regularly see websites running on PHP 5.2.x which reach End of Life in 2006! Contact us today if you need a referral to a reputable host.
- Website Monitoring Systems. We always recommend that you invest in a Malware/Virus Monitoring system which can typically be purchased from your web host. Contact us today if you need a referral to a Malware/Virus Monitoring system.
- Backup, Backup, Backup. In case you do get hacked, having proper backups will prove invaluable to whomever you hire to get the hackers out. Regardless of your chosen CMS, backup systems are commonly available and can be set up on an automated schedule. Most backup systems also allow for remote storage so that you can send your backups to Dropbox, Box, OneDrive, AWS, FTP, sFPT, and others.
- Software Firewall. Because your CMS is a Dynamic Environment, it opens the doors for Hackers to execute malicious on your website. Most commonly this happens through Search, Comment, and Login forms. Hackers will also constantly try and break into your website through your logging into your Admin account. A properly installed and configured firewall will help thwart the most common exploits that hackers use to break in.
- SSL Encryption. Forcing an HTTPS connection will encrypt all data that moves between the web hosting server and the user’s computer. It will also encrypt your username and password when you log in to your admin panel. If your website offers any form of Login, E-Commerce, or collects any Personally Identifiable Information, SSL is a must have.
- Secure Password. There are different theories of what makes a password secure. What we do know is that data breaches have put well over a hundred million passwords at their disposal. With these lists and specialized freely downloadable hacking tools, the average cell phone can crack an 8-digit password in a matter of minutes. We create all our password to be at least 16 digits long and always use mixed case and special characters.
- Webmaster Tools. Google, Yahoo, and Bing offer “Webmaster Tools.” It is simple to setup and free to use so be sure you ask whoever builds your website to set this up for you. It is best to set this up under your email account. Once you are set up, the search engines will email you if they detect any issues with malicious code or potential hacking. It will also enable you to understand better how your website is performing from the search engines perspective.
- Webmaster E-Mail. Our last and final tip is another simple one. Always create a webmaster@YourDomain.com email account or mail forwarder. In case your site does get hacked or has a serious issue, the search engines will email this address in addition to being contacted through the Webmaster Tools.
Share this Post