Last week was a hackers’ week here. First they tried to hack my email account, then all my websites’ files were deleted by a hacker. And the next day, I found out that LinkedIn got hacked and 6 million users’ LinkedIn passwords got listed on a public website. What a week!
Whenever we read stories about financial institutions’ and big firms’ websites being hacked, we always think – this cannot happen to us. They’re a big fish, why would they bother about me?
The answer is simple – many hackers do this for the fun of it, they don’t care who they hurt! No one is actually safe…
Just picture this – once your website is hacked and you don’t have backups, your whole work is lost… You can restart building your website from scratch!
Even worse, sometimes hackers post adult-only links or other offensive content on your hijacked site – what image will that give to your potential clients visiting your site? But it’s more than that – your website containing such information can actually be blacklisted by Google…
So being hacked is not a great feeling from any perspective.
Here are a couple of things you can do, though, to reduce the chances of being hacked:
1. Always keep your website updated and running the latest version. With WordPress it’s just a matter of a click to switch to the newest upgrade. Hackers often (not always) go for sites that are running on old versions.
2. Keep your plugins updated. Developers of plugins come out with newer versions that contain not only enhanced functionality but also the latest security measures. So make sure you use the latest updates.
3. Use a secure (reliable) web hosting company. We can’t emphasize enough the importance of a reliable hosting company. Check with them what security measures they’re using. Really good hosting providers can cost one or two dollars extra, but don’t save money in the wrong place!
4. Avoid shared servers. Avoid hosting your business website on shared servers or keeping it under the same account as your other websites. This can diminish the risk of compromising your money-making website.
5. Use a strong password and change it often. WordPress features a password strength meter which is shown when changing your password. This will help you decide if your chosen password is strong enough. Also, change your password regularly, on a monthly basis.
6. Use a secure FTP password and change it often. Check if your host provides secure (encrypted) FTP so that your password and other data cannot be intercepted by an attacker. Also, change your FTP password regularly, on a monthly basis.
7. Use a server-side password. This adds a second layer of protection that attackers must get past before they can reach your admin files. You can get your IT contractor or web design person to do this for you.
8. Use a firewall plugin. This helps screen out suspicious-looking requests. You can download the WordPress Firewall Plugin for this purpose.
9. Back up your website regularly. Check with your web host whether they do regular backups of your data and how often. However, it is best not to rely only on your web host provider. You can use WordPress plugins to do backups of your site. I’m personally using Backup WordPress and MyRepono. Why two? Because they work differently. The first saves its backups to my WordPress directory. But in case an attacker deletes all my WordPress files, it doesn’t help too much (unless I save it to my computer on a daily basis). The second plugin stores my backup in a remote location.
In fact, when my website was hacked and hijacked a couple of days ago, these backups saved me lots of time and effort. I just needed to call my host provider and they restored my site to its latest state in minutes (phew, what a relief!).
If you really want to take the security of your website seriously, here is a link, taken from the WordPress Codex, that explains what to do. And remember, you don’t need to do it alone! Get your IT guy to take care of this or hire someone reliable for this purpose.
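To illustrate tip 9, here is an added example (not part of the original post, and not how either plugin works internally): a shell script that archives the WordPress directory to a location outside it, records a checksum, prunes old copies, and restores only after the checksum verifies. The function names, the `wp-` archive prefix and all paths are assumptions; it relies on `tar` and GNU `sha256sum`, and the WordPress database has to be dumped separately.

```bash
#!/usr/bin/env bash
# Added example. Paths, function names and the "wp-" prefix are assumptions.
# The WordPress database is not in these files; dump it separately.

# backup_site SITE_DIR BACKUP_DIR [KEEP]
# Archives SITE_DIR into BACKUP_DIR, which must lie outside SITE_DIR so that
# deleting the site cannot delete the backups. Prints the new archive's path.
backup_site() {
  local site="$1" dest="$2" keep="${3:-7}"
  local site_abs dest_abs archive
  [ -d "$site" ] || { echo "no such site dir: $site" >&2; return 1; }
  site_abs="$(cd "$site" && pwd -P)" || return 1
  mkdir -p "$dest" || return 1
  dest_abs="$(cd "$dest" && pwd -P)" || return 1
  case "$dest_abs/" in
    "$site_abs"/*) echo "backup dir is inside the site" >&2; return 1 ;;
  esac
  archive="$dest_abs/wp-$(date +%Y%m%d-%H%M%S).tar.gz"
  tar -czf "$archive" -C "$site_abs" . || return 1
  tar -tzf "$archive" >/dev/null || return 1   # archive must be readable
  # Store the checksum with a relative name so it verifies after a move.
  (cd "$dest_abs" && sha256sum "${archive##*/}" > "$archive.sha256") || return 1
  # Keep the newest KEEP archives, delete the rest with their checksums.
  ls -1t "$dest_abs"/wp-*.tar.gz | tail -n +"$((keep + 1))" |
    while read -r old; do rm -f "$old" "$old.sha256"; done
  echo "$archive"
}

# restore_site ARCHIVE TARGET_DIR
# Verifies the checksum first, then unpacks into TARGET_DIR.
restore_site() {
  local archive="$1" target="$2"
  (cd "$(dirname "$archive")" &&
    sha256sum -c "${archive##*/}.sha256" >/dev/null) || return 1
  mkdir -p "$target" && tar -xzf "$archive" -C "$target"
}
```

Point `BACKUP_DIR` at storage on a different machine or account, such as a mounted remote volume. A directory on the same hosting account only protects against deletion of the WordPress folder itself.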
What security measures are you taking for your website? What tools are you using? Feel free to share for the benefit of all of us…