You may think your website has nothing worth being hacked for, but thousands of websites like yours are getting hacked daily. There is no need to be a million dollar website to get hacked… it could happen to you as easy as we talk…
In the most of the cases, hackers don’t have anything personal with you. You are just one of their potential victims.
There are two main reasons that your site could be hacked.
The first and the most usual one is to gain access to your server and use it for sending spam emails, set up a temporary server to perform illegal activities, create redirects to illicit websites, or to distribute malicious software and viruses.
The second reason is to steal personal data of your business and/or of your clients, such as email addresses, credit card information, passwords, and other private and sensible data.
This could be a very serious problem for you as you have a legal obligation to protect this kind of data from thefts and to report any hacking attempt. And it wouldn’t be the only one…
If your website gets hacked is marked as dangerous by the search engines and browsers, and people are warned about it before they visit it. Plus, it’s blacklisted, and even if you fix the damage you have a long way to go to restore your credibility.
But this will be the least of your problems… It’s quite doubtful that people who saw this warning will come back later. The worst thing is that these people will talk about it to other people as well. Let’s not forget, the word of mouth is one of the most powerful media of advertising and/or disgrace…
After all these, you can kiss your clients (if not your suppliers and partners as well) goodbye!
Lastly, add to this disaster the fact that your website will be compromised and you may need to build it from scratch if the damage is irreversible.
I think now you understand how important is for you to protect your website and consequently your business and stop risking your credibility and reputation.
A hacked website may lead to potential lawsuits, complaints, bad reviews and so many other negative consequences that could ruin your business!
Let’s be honest. The truth is, you will never be 100% safe. Although, you can secure your website and eliminate the hacking attempts up to 95% – 97%, which is more than good for an average website.
Let’s see how you can do that…
The first thing that you should do is to backup regularly your website. This way, if you ever get hacked you will be able to restore your site as soon as realize the issue.
The good news is that this is something very easy to do, and in the most of the cases, the entire process could be automated.
If you built your website using a CMS (such as WordPress, Joomla, Drupal, Prestashop, Opencart, Magento, and others) you can easily find a free or low-cost plugin/module that does exactly what you need.
Search in the corresponding repositories for it, typing the word “backup” and choose the one that fits better to your needs. Just make sure that in its features a database backup is also included.
Any CMS includes a database. While all the technical elements are included in the files of your website, all the content (such as pages, blog posts, products, reviews, orders, etc.) and the settings of your website are stored there.
If you are not using a CMS, then check your admin panel (usually a CPanel or a Plesk Panel) of your hosting account (where your website is hosted). There you will find the backup feature.
If you can’t find it, or you aren’t familiar with these environments, contact your hosting provider and ask to set up your server to run automated backups once and a while. If you update your website often, schedule your backups to run daily, otherwise once per week is enough.
Always make sure that you keep your scripts and software updated to their latest versions.
Many of the tools that you use are created as open-source software programs. Meaning that hackers are already familiar with their known security loopholes and weaknesses, and they exploit them to gain access to your website.
By updating your website every time a new version of the software/script used is available, you eliminate this risk, as every update includes several fixes for these weaknesses.
Another common mistake that people do is to keep the original settings of their website unchanged or make the too obvious. Here are few things that you should definitely do:
✓ Change regularly your admin passwords. I think it’s obvious that you should generate strong passwords!
You can find a great free tool for that here.
✓ Lock your directory and file permissions. In Linux servers, set the permissions for your folder and directories to 755 and to 644 for the individual files.
✓ Install an SSL certificate.
✓ Use security modules/plugins/scripts.
✓ Hide your admin area. Don’t use words such as “siteadmin”, “backoffice”, “admin”, etc. You don’t think too you make hacker’s work too easy?
✓ Remove or rename any demo content.
The easier and fastest way for someone to inject malicious scripts to your site is to upload them. So, don’t allow that!
Stop allowing to your visitors to upload files. Add a note and ask them to contact you to let them know to which email address they could send the files they want. Make their life even easier, and if they want to send you a screenshot, ask them to use this free and handy tool.
The best way to protect yourself is to know exactly what may be exploited by the thefts. To discover the vulnerabilities of your website, you should perform a security audit meaning an in-depth analysis of your site.
Unfortunately, this isn’t something you can do yourself and could be pricey enough as usually a security audit costs several hundreds of dollars.
It is though the most effective way to identify the weaknesses, security loopholes, and vulnerabilities of your website. Once you receive your report you can forward it to your developer to fix any issue found. This way you secure your website as much as you can.
If you are interested in an extremely cost effective but yet detailed, in-depth security analysis of your website, then you should check my Security Audit Service, offered in discount for a limited time.
I hope you realized how important is to keep your website safe and you found this article useful!
Until next time…