Keeping Your Site Secure

Don’t trade online? Site gets hacked.

What’s the worst that could happen?
Google may post a message over your home page like this…

[Image: robust security warning]

Would you continue to the site after seeing that?

Overt hacks, where a site is vandalised, are annoying. Covert hacks are more harmful. Code may be injected into the site to distribute malware or record visitors’ keystrokes.

Once compromised, ensuring the ‘back door is closed’ to hackers can take weeks or even months. With ‘Ransomware’, the attackers may demand significant payment to restore your site.

6 Tips You Must Follow

To log in to your WordPress site, you should always use 2-step verification. However, if this is too much ‘friction’ for you, at least follow these 6 steps.

They won’t stop the determined hacker, but they will add significant protection.

1. Avoid Weak Usernames
Never use the default “admin” or the name of the website as a username! It’s scary how many do. Hackers try these options first.

2. Avoid Weak Passwords

  • Do not use universal passwords
  • Avoid obvious personal info
  • Do not store passwords electronically
  • Use alpha-numeric and mixed case characters

3. Limit number of login attempts
Lock out visitors after a maximum number of incorrect entries of:

  • Username
  • Password

4. Be on Your CMS’s latest version
Whether it’s WordPress, Joomla, Drupal etc., upgrade to the latest version of ‘the platform’ immediately, to ensure you have the latest security.

5. Keep Plugins & Your Framework or Theme Updated
Whilst 3rd party software saves on development costs, it is also a vulnerable point of attack.

  • Use plugins sparingly. 12 is low. 30+ is high risk.
  • Only use well-respected providers
  • Install updates as soon as they are released

6. Security Plugins
There are some excellent security plugins out there for blocking attempted hacks.

  • Install a plugin to track and lock out attempted hacks
  • Install a spam comments plugin to block users who post malicious links

As mentioned, whilst these six measures won’t stop the most determined hacker, they will make your site much more secure.
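Tip 3 in practice, as an added example that is not part of the original post: a small WordPress plugin that counts failed logins per client address and per attempted username, then refuses further attempts once a limit is reached. The `lal_` names, the limit of 5 and the 15-minute lockout are assumptions chosen for illustration; the code relies on WordPress's `authenticate`, `wp_login_failed` and `wp_login` hooks and its transients API.

```php
<?php
// Plugin Name: Login attempt limiter (added example)
// Assumes WordPress 5.4+; the lal_* names and both limits are hypothetical.
const LAL_MAX_FAILURES    = 5;   // failed logins allowed before lockout
const LAL_LOCKOUT_SECONDS = 900; // lockout ends this long after the last counted failure

// One counter per client address and one per attempted username, so wrong
// usernames and wrong passwords both count. Behind a reverse proxy,
// REMOTE_ADDR is the proxy's address, not the visitor's.
function lal_keys( $username ) {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return array(
		'lal_ip_' . md5( $ip ),
		'lal_user_' . md5( strtolower( trim( (string) $username ) ) ),
	);
}

function lal_is_locked( $username ) {
	foreach ( lal_keys( $username ) as $key ) {
		if ( (int) get_transient( $key ) >= LAL_MAX_FAILURES ) {
			return true;
		}
	}
	return false;
}

// Runs after WordPress's own credential checks (priority 20) and overrides
// their result, so a locked-out client is refused even with a correct password.
add_filter( 'authenticate', function ( $user, $username, $password ) {
	if ( '' !== (string) $username && lal_is_locked( $username ) ) {
		return new WP_Error( 'lal_locked', 'Too many failed login attempts. Try again later.' );
	}
	return $user;
}, 30, 3 );

// Count each failed attempt, except the refusals this plugin issued itself.
add_action( 'wp_login_failed', function ( $username, $error = null ) {
	if ( is_wp_error( $error ) && 'lal_locked' === $error->get_error_code() ) {
		return;
	}
	foreach ( lal_keys( $username ) as $key ) {
		set_transient( $key, (int) get_transient( $key ) + 1, LAL_LOCKOUT_SECONDS );
	}
}, 10, 2 );

// A successful login clears that username's counter; the address counter expires on its own.
add_action( 'wp_login', function ( $user_login ) {
	delete_transient( lal_keys( $user_login )[1] );
} );
```

Because the per-username counter locks the account for everyone, including its real owner, keep the lockout short and pair it with 2-step verification rather than relying on it alone.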

Uh-Oh… That’s made it worse!

Read This First

Your site may have been built incorrectly or poorly backed up. If so, updating software yourself may result in all bespoke development work being deleted.

That’s going to ruin your web developer’s day and they will be entitled to charge you to put it right.

Think Your Site’s Security has been Compromised

  1. Immediately change passwords of everyone who has access to the site.
  2. Contact your web developer immediately.

What Your Developer Will Do

  • Ensure everything is backed up prior to upgrading software.
  • May attempt to remove any malicious code through a ‘back-end’ audit.
  • May contact the hosting provider and get the site instantly quarantined.
  • Best practice is to delete your site and get the host to ‘roll it back’ to a date prior to the attack.

Then you can rest easy and go back to the day job.

2017-09-25T14:34:03+00:00 Apr 2, 2014|Security|