4 Essential Website Security Steps to Help Prevent You from Being Hacked
We've all heard stories of websites getting hacked. A hack can come out of the blue, damaging your website and costing you valuable time and money. But, do you know how to prevent your website from getting hacked?
Is your website Fort Knox or a sitting duck? Contact me to find out!
Most website hacks are preventable. Follow these 4 steps to reduce the chances of it happening to you.
STEP 1: Ensure your website developer uses best practices
Your website developer plays an important role in the security of your site. Poor internet security practices can contribute to website vulnerability and breaches.
Ask your developer what internet security measures will be - or have been - put in place.
Best practices include:
- appropriate file permissions
- an .htaccess file
- password protected directories
- special PHP directives
- and more...
For more best practices read Hacker's Calling Card
STEP 2: Choose a hosting company that makes security top priority
Many website hacks are due to poor website hosting server security. I've received calls from several companies whose hacked websites were using the same well known (cheap) hosting company. Like most things in life, you get what you pay for.
Not all hosting companies are created equal.
When you select your hosting company, look for their server security information. A good web hosting company will boast about their security methodology. Choose them!
I trust Rochen Hosting with my websites - contact me to see if Rochen is right for you.
STEP 3: Keep your website software and firewall up-to-date
Your website has likely been built using a content management system (CMS) software such as Joomla, Drupal or WordPress. When your CMS developers release an update - which may include bug fixes, critical vulnerability patches, and new features - it's imperative you update your version as well.
Outdated software is a common reason for many hacked websites. Contact me to learn about our website software maintenance service.
BONUS TIP: don't forget to backup your website after each update. This ensures you'll always have a clean site to roll back to in the event of a hack.
Firewall software provides your site with an additional layer of protection and can thwart a wide variety of hacks. I've been using RSFirewall! for years and also offer firewall installation and configuration as a service.
See RSFirewall! in action below, showing the frequency and types of attacks blocked on THIS site.
Learn how RSFirewall! can help protect your website from being hacked.
STEP 4: Use strong usernames and passwords
IBM’s 2014 Cyber Security Intelligence Index reports that 95 percent of all security incidents involve human error. Many of these due to the use of default usernames and passwords or easy-to-guess passwords.
If your website has been hacked, it's likely been hit by a BOT - an evil little script that crawls through the internet looking for a site to devour. The most common login names bots use to break through a website's back door are "admin" and "administrator".
Don't use admin or administrator.
Do use a unique username (at least 8 characters) that you've not used for any other online account.
Example: msJ3Nskey2Enter (Ms Jens Key To Enter)
Don't use a word that is related to an aspect of your life, such as the name of your first pet, the city you were born in, your mother's maiden name or your date of birth.
Do use a password generator. Make your password at least 12 characters long, includes lower and uppercase letters, numbers, and one or two special characters.
Try this FREE online Password Generator
READY? Suit up
No website is completely hack-proof but take heart... the Russians are not likely after you. Your challenge is the onslaught of bad bots and rookie hackers. If you follow these 4 steps, you will have greatly increased the chances of your website surviving the wild wild web.
Questions? Contact me to chat about your website's security!
Posted in Website Security