We recently suggested you should forget about search engines and instead prepare the content on your website for visitors first and foremost. This time around we’re suggesting you don’t forget about the robots. You should fear them, actually.
What do we mean by that? Well, we’re not talking about the friendly robots that will learn how to take care of our geriatric selves because there aren’t enough younger folks around to do the job. Rather, we’re talking about the never-sleeping army of ‘bots that exist on infected computers worldwide and are relentlessly trying to break into your website. Fear those robots. They don’t need to eat or sleep. All they do is search for and exploit weakness without rest.
People (not yet the ‘bots themselves, or so we hope) ultimately control those devices. Why would they want to hack into your site, especially if your site doesn’t get a lot of traffic? Well, we recently helped an entrepreneur whose site had been hacked. The bad guys placed a bad link element on the site that would take people, if they clicked on it out of curiosity, to one or more malicious websites where the bad guys could do bad stuff. (“Hmm,” you might say, “what in the heck is this designer fashion link doing on my friend’s website about vegetables?” Click. People are naturally curious and the bad guys exploit that fact all the time.) One thing the baddies do is attempt to infect the computers of visitors to those sites. What can you do with an infected computer? You can log its keystrokes or turn on its camera or microphone in an attempt to gain either information about the user, or access to the user’s accounts. You can prevent user access to the computer and blackmail the user so they pay to regain access. You can direct the computer to click on advertising to send illicit gains to criminals. Or maybe you just like messing with people. The bad guys have all sorts of motivations.
So how can you defend your website? Here are some handy and
Essential Tips to Protect Your Website from Being Hacked
- Keep your site software up to date. On a WordPress site, new versions of the core software, themes and plugins correct security flaws ALL THE TIME. Ensure that your software is current. This is a daily task, truthfully, and is one of the reasons our WordPress “managed care” service –where we take care of updates among other things– is so popular.
- Make sure your host is using up-to-date software. If they’re not, ask them about it. You can check here: https://sitecheck.sucuri.net
- Place security software on your website. If you use WordPress, some good plugin alternatives are Wordfence, Sucuri Security, iThemes Security, and All In One WP Security & Firewall. Like with anti-virus software on your computer, it’s not advised to use multiple plugins performing the same function. Use security plugins to “harden” your website in multiple ways. The plugins themselves will usually offer good advice on how to secure your site.
- Use challenging login credentials. Your username should not be “joesmith” if your name is Joe Smith. Your password should not be “passw0rd”. Here’s some useful advice on online passwords that we wrote a bit ago and that is still valid today.
- Never ever use the username “admin”.
- Don’t email around sensitive data, like login credentials.
- Block traffic from countries whose visitors you have no interest in. Sorry China, Russia, Brazil, Nigeria, and Ukraine, but if I’m not interested in selling my goods or services to people in your country, I might block your country’s traffic because of how much bad traffic comes from those places. It’s not a failsafe. Bad guys can spoof where they are coming from, and you may block traffic you authentically wouldn’t mind having. Lest I be charged with chauvinism, let’s not forget that there are plenty of bad guys in the good ol’ US of A also interested in tampering with your website.
- Routinely run security checks on your site. Visit the Sucuri site linked in the second tip above.
- Back up your site regularly, and keep a series of backups. Despite best efforts, you can still get hacked. If your site ends up hacked, you’ll, with hope, be able to restore it to a pre-hacked version.
- Watch this video by Flight of the Conchords
By the way, if you’d really like to get freaked out about online security, read the smart, informative, timely Brian Krebs on Security. It’ll give you goose bumps. Alternatively, you can always look at the logs your security software produces and review, slack-jawed, how many attempts there are to break into your site on a daily basis.
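If you’d like to do that counting yourself, here is an added example (not code from this post or from any of the plugins named above) that tallies suspected automated login attempts per day and per source address. It assumes your host gives you the web server access log in the common “combined” format rather than a plugin’s own log; the sample lines are constructed and the function names are ours.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache/nginx "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:09:30:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2024:10:02:55 +0000] "GET /vegetables/ HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
192.0.2.44 - - [13/Mar/2024:08:15:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Mar/2024:03:20:11 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # WordPress login surfaces

def login_attempts(log_text):
    """Return {day: Counter({ip: attempts})} for suspected failed logins."""
    per_day = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or an ordinary page view
        path = m["path"].split("?", 1)[0]
        if path not in LOGIN_PATHS:
            continue
        # Heuristic: stock WordPress re-shows the form (200) on a failed
        # wp-login.php POST and redirects (302) on success, so skip 302s.
        if path == "/wp-login.php" and m["status"] == "302":
            continue
        per_day[m["day"]][m["ip"]] += 1
    return per_day

def noisy_sources(per_day, threshold=3):
    """Per day, the addresses with at least `threshold` attempts."""
    return {day: sorted(ip for ip, n in hits.items() if n >= threshold)
            for day, hits in per_day.items()}

if __name__ == "__main__":
    attempts = login_attempts(SAMPLE_LOG)
    for day, hits in attempts.items():
        print(day, sum(hits.values()), "attempts;", hits.most_common(3))
    print(noisy_sources(attempts))
```

Addresses that show up in the noisy list day after day are the natural candidates for the blocking and login-hardening tips above.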
Image source: Ben Husmann on Flickr, used with Creative Commons license. Image modified.