The past couple of years have been a nightmare for thousands of companies who have had the displeasure of dealing with a website hack.
Numerous stories have recently been featured on the news, think Target, Sony and JP Morgan Chase, and the results were disastrous. Regardless of whether your business is big or small, the experience of having your website hacked can be devastating and ultimately disastrous for your company and clients. How do you prevent your site from getting hijacked? While there is no sure way to guarantee a hacking will never occur, regular security and maintenance updates are your best defense.
According to Sophos Labs, 30,000 websites get hacked every single day.
That’s a staggering, somewhat horrifying, number. In addition, Symantec reports that over 317 million new malware threats were created in 2014. The scariest part is that cyber-attacks happen within minutes and have the potential to spread like wildfire.
The best offense is a good defense. There are a few simple steps you can take to protect yourself and your website against malicious attacks.
Ditch Weak Passwords
Having a secure password is an easy way to add extra security to your site. While it’s tempting to use the same passwords across the board, this can be extremely dangerous. Opt for a password that contains a mixture of letters, numbers, and symbols and change it frequently.
Keep Your Website Up-To-Date
It’s imperative to keep content management systems (CMS) such as WordPress, Joomla, and Drupal as well as web-based software up-to-date with security patches and bug fixes. Hackers can easily gain access to websites through outdated software, upload malware and Trojan, and wreak havoc on customer’s computers and devices.
Schedule Regular Maintenance
At a minimum, website maintenance should be performed at least once a month. Regular maintenance ensures that your site is current and any threats are eliminated. This is also a great time to backup all of your information, check on site efficiency, optimize performance, and troubleshoot any reported issues.
What Happens if Your Site Gets Hacked? Here are a few live examples from the last 6 months.
- A hacker used the site to host and store images, misc files and links to other sites. These were adult oriented images creating an obvious issue for this enterprise level consulting practice. This site was not kept current and had a 2 year old version of WordPress.
- A hacking group from Pakistan took down the entire site leaving only a splash page with a boasting graphic. (see graphic) Backing up the site was viewed as wasteful expense.
- Site hacked and malware infected the entire site. Home page was a converted to a Viagra billboard. No on-going updates were made on the site in over 2 years. It was viewed as unnecessary.
- Easy password hacked. User name John using the password John is never a good idea. Site hacked and flagged by Google.
All of these issues could have been avoided by using best practice passwords, keeping WordPress and plugins current and checking the on-site security.
Having a developer in the site once per month is a necessary best practice.