Building websites is continually becoming easier ever year, while the complexity of the world Hackers thrive in, is still very much technical with access to hacking tools being made more readily available with many resources for the novice to expert level Hackers.
No one really knows how many websites are hacked per day, yet estimates range from 30,000 to 60,000 or more; either way there is a greater need now more than ever to secure your website and hosting with multiple security levels and procedures, in addition to keeping everything up to date.
I have heard numerous business owners say, “No one would hack us, we are only small”; the thing is, it is not always banking details hackers are after, there is distribution of malware, using your server for spamming others, spoofing a webpage, attacking another web server and many more malicious activities and as the owner of the website you are responsible!
Yes, you are responsible and there have been cases where the website owners were charged for being hacked, due to the impact it caused to others. If you own a website, you need to know what security is in place, backups performed, monitoring and processes in place.
Here are 5 basic steps to help protect your website from hackers, there is much more you can do:
1. Stay Updated
Keep your website, plugins and server updated as a hack at occur at these points; if you are using a CMS such as WordPress, Joomla etc… join a security newsletter as to keep on top on any security issues as they occur. Google indexes a lot of information, yet this also helps hackers find websites with old versions and systems for easy picking.
2. Strong Organised Passwords
Where possible you want to use 2-Step authorization, yet in general organise your passwords with a Password Manager, and use the password generators that create long (12+ Characters) and strong passwords (Lower/Upper-case, Numbers, Symbols). I personally use Last Pass (https://www.lastpass.com) and KeePass (http://keepass.info); Last Pass is by far the most convenient for the non-tech savy.
Also, I do not add all passwords to Password Managers; all my Bank and Email account passwords are stored in my head. To ensure that they are strong passwords, I remember a phrase, instead of a mixture of words; for example “ILoveHotCement110%”… Create a phrase you would remember, yet not something that is know (ie. Movie/Singer/Book quote/title etc…)
Note: Avoid using the same password on multiple websites, as many people do this and hackers know this.
3. Backup and Store
You will want to Backup your files and database on a regular basis, how regular depends on the amount of data processed through your website. In, addition to storing them on a different server, you will want historical versions. Hacks can go undetected and you may have a hacked website with back-doors added over a year ago; so you want to keep some historical backups over a year old, in addition to your short-term backups.
SSL isn’t just for processing transactions, you will also want any sensitive information to be sent over SSL; such as user Logins. You will also want a valid certificate, instead of a self-signed one.
5. Security Layers
With CMS’s such as WordPress and Joomla, you will want to add security plugins to these and set them up properly to add that layer of security the default installation is missing.
I say “setup properly” as I have seen people add security plugins CMS’s like WordPress, yet they don’t even set it them up, which makes the plugin pointless until it is setup properly.
If you are looking for information or need security Contact Us Today!