“When developing a website for your business, it is important to remember that your website is never safe and is prone to being hacked. Although there are billions of websites on the Internet many assume that they have a small to zero chance of being hacked – this is not the case.” Netregistry.com.au
Many bloggers, sole traders and small businesses use open-source content management systems (aka CMS) for the framework of their website.
Why?
Because they are free to use, relatively easy to use, and there are thousands of forums dedicated to supporting those CMS. This often makes it easier to develop and maintain yourself with minimal help from a professional.
Using open-source CMS platforms such as WordPress or Joomla (as two examples), as awesome as they are, can leave your website exposed to hackers unless you do your research and set up your site to minimise the likelihood of attack.
You may think that it will never happen to you.
That you’re just a small site keeping to your own corner of the world wide web.
BUT:
Most attacks are random and code-driven, and are not designed to be a direct malicious attack on your business or your customer data.
Sometimes the hacker will leave a “tag” of their hacker name all through your website; sometimes your index page content is replaced with an advertisement of their success at hacking your site; other times random attacks can be made directly to your theme files or any extensions or applications you have running on your website.
There are also direct malicious attacks, which are designed to get into your business system, remove all of your content in one fell swoop or strip all of your user information including email addresses, contact information and payment data. This type of attack is usually designed to steal customer information or derail your online business and can be difficult to recover from.
As millions of websites use the same CMS framework and extensions, a vulnerability in their code can leave all users open to a hacking event.
Most random hacking events can be rectified quickly without the loss of data. However, the best things to be mindful of are:
- Set up your CMS or website to minimise the likelihood of hacking.
- Research plugins or extensions that you can use to block attacks.
- Keep your CMS, extensions, and theme up-to-date.
- Don’t use a generic username or password (e.g. admin, admin123).
- Don’t use the first 5 user IDs as a website administrator; create dummy users if necessary.
- Change your password regularly.
- Regularly scan your computer, mobile or tablet for malware which can track passwords or gain entry to your site via FTP programs.
- Activate a back-up service with your hosting provider.
- ENSURE THAT YOU BACK UP YOUR WEBSITE REGULARLY!! (even if you have a back-up service in place)
And, if you do get hacked – so many of us have been there – don’t panic.
Grab your last website back-up, contact a professional or your hosting company for assistance, and you’ll be back online in no time. So, if you haven’t backed up your site in a while, take 5 minutes now to do it.
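The username and user-ID points in the checklist above, and the default `wp_` table prefix raised in the comments, can be checked mechanically. The following is an added example, not part of the original article: it assumes a user list exported as CSV with ID, user_login and roles columns (the shape WP-CLI's `wp user list --fields=ID,user_login,roles --format=csv` produces), and the sample config, sample users and the extra "administrator" entry in the generic-login list are constructed.

```python
import csv
import io
import re

# "admin" and "admin123" come from the article; "administrator" is an assumed extra.
GENERIC_LOGINS = {"admin", "admin123", "administrator"}

# Constructed sample inputs (not taken from a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'shop' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""
SAMPLE_USERS = """ID,user_login,roles
1,admin,administrator
3,kate,editor
6,site-owner,administrator
"""

def table_prefix(config_text):
    """Return the active $table_prefix value; lines starting with // are skipped."""
    for line in config_text.splitlines():
        m = re.match(r"""\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", line)
        if m:
            return m.group(1)
    return None

def audit(config_text, users_csv, low_id_limit=5):
    """List checklist violations found in a wp-config.php text and a user CSV."""
    findings = []
    prefix = table_prefix(config_text)
    if prefix is None:
        findings.append("table prefix not found in config")
    elif prefix == "wp_":
        findings.append("default table prefix wp_")
    for row in csv.DictReader(io.StringIO(users_csv)):
        if "administrator" not in row["roles"].split(","):
            continue  # only administrator accounts are in scope
        login, uid = row["user_login"], int(row["ID"])
        if login.lower() in GENERIC_LOGINS:
            findings.append(f"generic administrator login: {login}")
        if uid <= low_id_limit:
            findings.append(f"administrator {login} has low user ID {uid}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_USERS):
        print("FINDING:", finding)
```

An empty result means none of these three checklist items were flagged; it says nothing about password strength, plugin versions or backups.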

This happened to us when we first launched Mums Who Make – I know how automated backups done daily but back then I did not and of course in that week I changed sooo many things on the site so I spent hours putting them all back in!
Live and learn. Great article
It happens to the best of us, Alison. I too have experienced many different forms of hacking on my own site and the sites of others. It’s not a nice place to be when it happens, but if every time you make changes to your site you take a new backup of your site, it doesn’t take anywhere near as long to get your business back online.
Hey you two!
So the 5 user ID things… Do you mean set up, say, user 1, user 2, user 3, user 4, user 5, and then user 6 is the one you actually use as the administrator, log in with, post with etc…? And do you have any specific recommendations for a backup plugin, OR any to avoid? I really loved this post, found it SO helpful!
x
K
Hi Kathryn, protecting your site starts from the original setup at the beginning, creating your own database and table prefix that isn’t the standard wp_ that everyone gets if they use the ‘simple scripts’ or ‘fantastico’ easy install from their hosting control panel. I recommend WP Firewall 2 or WP Security Scan as good plugins for some level of protection. And, yes, use a different user ID than user 1 or 2 as the administrator, as anyone would assume the first user created is the administrator of the website. Some other helpful hints can be found here: http://www.wpsecuritychecklist.com/the-wordpress-security-checklist-interactive-version/ and http://www.mastermindblogger.com/2011/14-ways-to-prevent-your-wordpress-blog-from-being-hacked/ Hope this info helps and doesn’t confuse you more.