“When developing a website for your business, it is important to remember that your website is never safe and is prone to being hacked. Although there are billions of websites on the Internet many assume that they have a small to zero chance of being hacked – this is not the case.” Netregistry.com.au
Many bloggers, sole traders and small businesses use open-source content management systems (aka CMS) for the framework of their website.
Because they are free to use, relatively easy to use, and there are thousands of forums dedicated to supporting those CMS. This often makes it easier to develop and maintain yourself with minimal help from a professional.
Using open source CMS such as WordPress or Joomla (as two examples), as awesome as they are, can leave your website exposed to hackers unless you do your research and set up your site to minimise the likelihood of attack.
You may think that it will never happen to you.
That you’re just a small site keeping to your own corner of the world wide web.
Most attacks are random, code driven and not designed to be a direct malicious attack on your business or your customer data.
Sometimes the hacker will leave a “tag” of their hacker name all through your website; sometimes your index page content is replaced with an advertisement of their success at hacking your site; other times random attacks can be made directly to your theme files or any extensions or applications you have running on your website.
There is also the direct malicious attacks which are designed to get into your business system, remove all of your content in one foul swoop or strip all of your user information including email addresses, contact information and payment data. The latter type of attack is usually designed to steal customer information or derail your online business and can be difficult to recover from.
As millions of websites use the same CMS framework and extensions, a vulnerability in their code can leave all users open to a hacking event.
Most random hacking events can be rectified quickly without the loss of data. However, the best things to be mindful of are:
- Setup your CMS or website to minimise the likelihood of hacking.
- Research plugins or extensions that you can use to block attacks.
- Keep your CMS, extensions, and theme up-to-date.
- Don’t use a generic username or password (ie. admin, admin123).
- Don’t use the first 5 user ID’s as a website administrator, create dummy users if necessary.
- Change your password regularly.
- Regularly scan your computer, mobile or tablet for malware which can track passwords or gain entry to your site via FTP programs.
- Activate a back-up service with your hosting provider.
- ENSURE THAT YOU BACK UP YOUR WEBSITE REGULARLY!! (even if you have a back-up service in place)
And, if you do get hacked – so many of us have been there – don’t panic.
Grab your last website back-up, contact a professional or your hosting company for assistance, and you’ll be back online in no-time. So, if you haven’t backed up your site in a while, take 5 minutes now to do it.