Keeping your website safe and secure from hackers is an ongoing process. Ultimately you are responsible for securing your own website. In this post we will look at the best ways to ensure that you protect your valuable data and website from being hacked.
Being hacked covers a whole range of things. Here are a few examples:
- Uploading phishing scripts – this is where your account is used to send fake emails purporting to be from banks or payment companies like PayPal, asking you to log in to a fake site so that you provide your secure login credentials
- Uploading Malware to steal your valuable data
- Uploading Malware to perform other damaging tasks like Distributed Denial of Service (DDoS) attacks, where thousands of PCs are used to attack a website and bring it down through weight of traffic
These are just examples of the types of things that can go wrong if your site is hacked. Beyond that, a hacked site can affect the integrity of the server that you are hosted on, which can lead to the server being blacklisted. When a server is blacklisted, it may be difficult to send emails to or receive emails from certain Internet Service Providers (ISPs) that refer to the blacklist in question.
Your website can also get blacklisted by Google. That could mean that people see a warning message when they try to enter your site, or your site could be removed from Google’s listings, which would have a detrimental effect on your business.
So here are several ways that you can take action to prevent this from happening and to protect your website and your business from hackers.
Perform Regular Automatic Backups
If your website is hacked, the first thing you will need is to revert to a version of your website that did not have the malicious files (Malware).
With our hosting service you have a basic backup feature in cPanel which allows you to back up your files to your local device or even to another server. This is a basic service though, and it requires you to remember to perform the task.
As with any manual process, it only works if you remember to take backups. Let’s face it, you’re busy and taking daily backups doesn’t feature highly on your to-do list.
A better solution is to use a professional automated backup service that takes regular ‘snapshots’ of your data. Should you need to restore files from backup this is something that you can manage yourself.
The beauty of a professional automated backup is that you can restore from different points in time rather than having to use an old backup from maybe a few weeks ago.
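A minimal version of the automated, point-in-time backup described above, as an added example (not Pickaweb's or cPanel's own tooling). The function names, the `site-` file naming, the paths and the retention count are assumptions; it relies on GNU `tar`, `sha256sum` and `head`.

```shell
#!/bin/sh
# Added example: timestamped site snapshots with checksums and retention.
# Keep BACKUP_DIR outside the web root so archives cannot be downloaded.

# snapshot_site SITE_DIR BACKUP_DIR [KEEP]   (KEEP defaults to 14, an assumed value)
# Prints the path of the new archive on success.
snapshot_site() {
    site_dir=$1; backup_dir=$2; keep=${3:-14}
    [ -d "$site_dir" ] || { echo "no such directory: $site_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    chmod 700 "$backup_dir"   # archives usually contain config files with DB passwords

    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$backup_dir/site-$stamp.tar.gz"
    # Write to a temporary name first so an interrupted run never leaves a
    # truncated file that looks like a good snapshot.
    tar -czf "$archive.part" -C "$site_dir" . || { rm -f "$archive.part"; return 1; }
    mv "$archive.part" "$archive" || return 1
    ( cd "$backup_dir" && sha256sum "site-$stamp.tar.gz" > "site-$stamp.tar.gz.sha256" )

    # Retention: names sort chronologically, so delete all but the newest $keep.
    ls "$backup_dir"/site-*.tar.gz | sort | head -n -"$keep" | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
    echo "$archive"
}

# restore_site ARCHIVE TARGET_DIR
# Refuses to extract an archive whose checksum no longer matches.
restore_site() {
    archive=$1; target=$2
    ( cd "$(dirname "$archive")" && sha256sum -c --quiet "$(basename "$archive").sha256" ) || {
        echo "checksum mismatch: $archive" >&2; return 1; }
    mkdir -p "$target" && tar -xzf "$archive" -C "$target"
}
```

Scheduled from cron, `snapshot_site` gives a series of restore points to choose from; restoring into a separate directory first lets you inspect the files before they replace the live site.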
Check Your Content Management System Is Up To Date
Content management systems (CMS) are usually free tools, but you need to make sure that you stay up to date. Most of them are open source, which means that anyone can see the code, including hackers. For this reason CMS are updated on a frequent basis so that any vulnerabilities are addressed to prevent hacking.
You can find the most popular updates at the following links:
The thing to bear in mind is that hackers are not necessarily targeting your business as such. They are just looking for vulnerabilities, and if they detect an out-of-date CMS then you are a sitting duck for them.
Upgrading from one update to the next is quite straightforward, and you can update WordPress automatically within the CMS. If you are not sure, though, check with your developer or ask our tech support team.
The only time you may need to be careful is if your CMS has not been updated for a long time and you are making a jump of several updates at once.
Finally, before any update or upgrade of your CMS, make sure you perform a full backup for security purposes so you can restore your site in the event of any issues occurring.
Keeping your passwords up to date and hard to crack is basic security but is one of the best ways to protect yourself.
This applies whether it’s your CMS, hosting control panel, email accounts or the FTP details for your hosting account. It is important because brute force attacks are widespread, and keeping on top of passwords is an easy way to prevent them.
Here are a few ideas to help you:
- Include numbers, characters, special characters and upper and lower case characters
- Don’t use the same passwords for different systems
- Update your login details frequently
Migrate to HTTPS (SSL) Secure Hosting
You may be wondering exactly what HTTPS is, but the chances are that you are familiar with it. It is the secure area of a website and can be identified by the padlock in your browser.
Traditionally HTTPS has been for ecommerce sites that accept online payments or other websites where sensitive data is passed between a person’s computer and a website.
HTTPS is set up when you install an SSL Certificate on the web server for a particular domain. This certificate then allows an encrypted link between the web server and the computer being used to browse the website.
However, in recent years Google has been heavily promoting the need for better online security, and these days HTTPS is recognised as a Google ranking factor in their search algorithms. That means websites with HTTPS will get a tick in the box from Google, which may help their rankings and so bring more traffic.
Use a Website Site Shield And A Web Application Firewall
If you want to proactively protect your website then you should consider using a Site Shield which periodically scans your website and notifies you of any issues. It displays a Site Shield on your website to reassure visitors that your site is safe and free from Malware.
Some include a Web Application Firewall (WAF), which monitors your site constantly and looks for the top known threats like OWASP’s top 10 threats. These could be things like Cross-Site Scripting (XSS), injection, and Cross-Site Request Forgery (CSRF).
The advantage of a WAF is that it will not just identify Malware but also remove it, so that your site remains healthy and your business is not affected.
A WAF is included with Pickaweb’s SiteLock (Find, Fix and Prevent) service.