Website hacking is on the rise but there are steps you can take to protect your site.
With a sharp increase in the amount of websites hacked in the past year as well as the increasing prevalence of outdated website software that can leave a site vulnerable, website security is more important than ever. Your business’ reputation and user information is at risk if you’re not taking precautions to safeguard your site. Consequences can range from insignificant SEO (search engine optimization) spamming all the way to taking down government officials (the Panama Papers were obtained from a hacked website with an out-of-date plugin). The good news is there are steps to keep your business site safe.
According to website security company Sucuri in its quarterly Website Hacked Report 2016 – Q1, “As of March 2016, Google reports that more than 50 million website users have been greeted with some form of warning that websites visited were either trying to steal information or install malicious software. In March 2015, that number was 17 million. Google currently blacklists close to 20,000 websites per week for malware and another 50,000 or so per week for phishing.”
Website attacks are an increasing problem. They usually involve malware injections, where website files are changed without your knowledge and don’t make any noticeable changes to your site visitors. They can only be detected by scanning your website for malicious files. If you don’t find these files first, there’s a good chance your site will be blacklisted by Google. Have you ever gone to a website and been greeted with a red screen reading, “Go away, malicious content ahead”? That’s what happens when Google recognizes a site’s been hacked.
There are countless ways to attack a website, and the chances yours will be hit are completely random. Some businesses are just unlucky, while some leave the door open with vulnerabilities. Worst case scenario, your site is hijacked and all your site files are deleted and replaced with the hacker’s own page. If this happens, the only resolution is to reinstall a backup file of your website. There are, however, steps you can take to help prevent it from happening. And while there are no 100 percent effective solutions, it would be reckless not to try.
Make sure you’re running the latest version of your website software. More than 60 percent of business websites are run on WordPress, which makes it the most attractive target for hackers. In an analysis of more than 11,000 hacked websites, Sucuri found that in excess of 50 percent were running out-of-date versions of WordPress and plugins. That’s just asking hackers to find a way to exploit.
Use strong passwords and change them regularly. The most common way a hacker gains access to a site is by guessing a weak password. Never use the username “Admin,” as it’s typically one of the first usernames they’ll try. Tools like Dashlane or LastPass can help you keep secure passwords and easily change them on a regular basis.
Use a security plugin. This tip is specific to WordPress websites. Adding a security plugin will help safeguard your site by blocking malicious visitors, enforcing strong passwords and hiding login pages. Security plugins can also scan your site to make sure there are no malicious files present. The two best are WordFence and iThemes Security Pro.
Put your website on security firewall. When you’ve done all the steps above and are still having issues with your site, it’s time to put it on a security firewall. A firewall works by routing your website traffic through a firewall first, then passing it on to your website hosting. The firewall filters out malicious activity, DDoS attacks and other threats to your site.
Maintain a current backup of your website. The best insurance policy you have is to keep a regular backup of your site in case it’s hacked. Make sure your backup is kept in a different place than where your website is hosted (I suggest off-site or cloud storage). It’s also important that you have a procedure in place to restore your backup quickly necessary.
Website security isn’t only important to your business’ reputation, it also protects customers coming to your site. Be proactive and diligent to ensure the safety of everyone’s information.
Kevin Gallagher is owner of Inbound Design, founded in 2009. Inbound Design provides ongoing website support and maintenance as well as a one day website build. Learn more at inbounddesign.com.
