Beating the Hacking Reaper - Ways to Protect Your Website
Part II in our Halloween 2015 blog series.
Website hacking has become an increasingly common occurrence, with tens of thousands of sites and applications affected every day. It seems that no one is safe, including Ashley Madison, Apple’s iCloud, J.P. Morgan and Home Depot to name just a few. Last week Google announced they are cracking down on spam and hacked websites, not only removing more of them from search results but removing them faster.
Unfortunately, you will never be able to 100% safeguard yourself from being hacked by a determined and skilled individual or group. However, there are a number of things you can do to ensure you are less likely to be affected - and, if you are affected, to minimise the effects on your business.
1. Choose your passwords wisely
A “brute force” attack is when hackers use a malicious script to repeatedly guess your password. The stronger your password is, the less likely they are to succeed.
When we say “stronger”, we don’t just mean adding a few numbers or punctuation marks to a word. It is best practice to use a password generator that provides you with unique passwords across all of your logins. Using the same password for everything might be time efficient, but if one is hacked, all of your accounts are compromised.
Change your passwords frequently and don’t send them to others via email, which is insecure. We’d also suggest choosing a username that isn’t simply “admin” and avoiding obvious answers to security questions. It’s surprisingly easy to find out someone’s mother’s maiden name online.
2. Limit login attempts
As part of a security update in June, we now limit the number of CMS login attempts. This is for your website’s protection. After a certain number of failed logins, users are locked out of the CMS for a period of time. This prevents hackers using password-guessing software to gain access.
In addition to limiting logins, we also ensured that admin page URLs weren’t simply “/admin”, making CMS access harder to discover.
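The lockout described in this section, sketched as an added example (it is not the CMS's own code). The class and function names, the in-memory storage and the threshold values are all assumptions, since the post does not state the actual limits.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Lock an account after too many failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        # Thresholds are assumed values; the post does not state the CMS's own.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self.failures = defaultdict(deque)   # username -> timestamps of recent failures
        self.locked_until = {}               # username -> time the lockout ends

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is not None and self.clock() >= until:   # lockout expired: start clean
            del self.locked_until[user]
            self.failures.pop(user, None)
            until = None
        return until is not None

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'denied'. password_ok is the caller's verdict."""
        if self.is_locked(user):
            return "locked"                  # even a correct guess is refused while locked
        if password_ok:
            self.failures.pop(user, None)    # success resets the counter
            return "ok"
        now = self.clock()
        recent = self.failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
        return "denied"


def replay(events, **limits):
    """Run constructed (time, user, password_ok) events through a fresh throttle."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    results = []
    for t, user, ok in events:
        now[0] = t
        results.append(throttle.attempt(user, ok))
    return results

SAMPLE = [(0, "editor", False), (1, "editor", False), (2, "editor", False), (3, "editor", True), (122, "editor", True)]  # constructed
```

Keying the counter on the username alone means anyone who knows a username can lock its owner out, so a real deployment would normally also track the source address.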
3. Update, update, update
It is important not only to install anti-virus software on your computer, but also to keep your operating system, all applications and devices updated. Over time new vulnerabilities are exposed, and such updates are put out to fix them.
4. Back up often!
In the unfortunate situation where your website is hacked, you want to be able to restore it to its former glory as soon as possible. Check with your website hosting company whether they back up your website each day (like we do for our clients).
5. Use SSL certificates
If your website collects personal information from visitors, you (or your development company) should install a security certificate to help prevent this data from being stolen. Google will also reward you for this in search rankings.
6. Use common sense online
In addition to the above, here are a few really quick pointers:
- Never share sensitive information via email
- Never click on suspicious links, even from friends (they may have been hacked themselves)
- Hide key personal information online, like your birthdate, address etc.
- Password protect all your devices
- Don’t use auto-fill functionality on your browser (imagine if your computer was hacked and someone had access to this information)
- When staff members leave, remove any login access they may have had to websites, computers and such
- Don’t ever use a non-password protected public wifi connection to log in to any accounts – this type of connection is insecure
Although these actions cannot guarantee that you won’t ever be hacked, they will provide you with a solid defense and make it harder for your computer and website to become an easy target for the hacking reaper.