Living in an electronically connected world has many benefits, as well as a few challenges. The biggest of these is security and protection, including the risk of getting your website hacked.
As a business owner, you may be dealing with several security issues from safe payment systems to secure client files to data protection. Today I want to talk about protecting your website from being hacked.
The reality is that no one is 100% safe and secure.
Hackers are smart, resourceful, and up for the challenge of trying to outsmart whatever measures are currently in place.
However, there are several things you can do to minimize the risk of your website being hacked, infected with malware, or corrupted.
Unfortunately, I learned this the hard way.
I thought I had solid layers of protections in place, only to discover holes and weaknesses I didn’t know existed. And I found this out one day when, instead of being able to access my website either as a visitor or in my backend editing dashboard, I got a weird error message.
Error messages can arise from time to time, often in relation to updates in themes, plugins or WordPress itself. So initially I was less concerned and more annoyed.
However, when I called my hosting customer service, I discovered that the error message was coming because two of my three sites didn’t exist. One site appeared to have the files and the databases completely erased, while on another site the database had disappeared.
Yes, it was one of those screaming OMG moments.
Almost a month later, my sites are back up online, but I am still having to reload photos and make minor corrections. And I’ve learned some valuable lessons that I’d like to share with you so hopefully you can avoid the experience.
First, know that the hackers are typically not targeting YOUR website or company specifically.
It’s not personal.
They are simply looking for sites that have vulnerabilities that allow them to come in.
Why do they want into your site?
Why hackers hack websites
The biggest reason is they are trying to monetize your site, usually by entering code or script that takes people off to another site where they are selling dubious products.
In some cases, if they are able, they will take over your site and redirect the domain to a completely different site.
Other hackers are simply doing it for fun and to prove they can. Sometimes they will put a message of their own prowess or ideology over your content. Or they may insert a virus or simply cause chaos and destruction in the site.
A third, less common reason is that the hacker has been hired by a competitor to cause destruction or damage to your company.
What you can do to prevent website hacking
Here are important steps to consider.
- Update regularly. Site vulnerabilities, especially on open source platforms like WordPress, often come from not having your website platform, themes and plugins updated to the most recent versions. If you are managing your own site, you will get these notices on the backend dashboard or in an email if you’ve set up notifications that way.
If you have old sites that you aren’t using, remember that they are still there and, if you aren’t keeping them updated, they are particularly vulnerable.
Update plugins one at a time to make sure they don’t conflict with your current platform version. By updating one at a time then assessing, you will be able to see which plugin might be creating an issue and the error message.
Also, if you are using a plugin that the developer hasn’t updated in more than a year, consider switching to a different, supported plugin.
- Have multiple layers of backups. I had a backup system on my hosting panel that I thought was enough. I discovered later that the backup existed in the same place as my site files. Therefore, when the hacker got in, they were able to delete the backups along with everything else.
I now have a three-tiered backup approach so that if I do encounter future issues, I will be able to restore my data much more easily:
  - I have a new hosting plan that backs up to an off-site server, and they do it daily so I don’t have to remember.
  - I back up weekly (or after major edits) to my external hard drive.
  - Because electronics are connected, if your external hard drive is connected to your laptop or desktop computer and that computer gets hacked, they can get to the backups there. So the final layer is to have a 128 GB flash drive that you back up the files and database to and put in a secure non-electronic space, like a desk drawer.
- Have a secure password and change it every 6 months. This is the password that you use to get into the backend of your site to add posts, create edits, and perform any administrative tasks. A secure password is usually longer than 11 characters, has upper and lower case letters, numbers and at least one special character. The best are randomly generated, but then those are hard to remember.
Don’t choose obvious things like dates, names or events that can be discovered easily through data sites or social media. But do choose something that makes sense for you so you remember it!
Change it every six months so the bots and hackers have a harder time figuring it out over time.
- Add a security system. There are different security plugins, like Wordfence, that scan and alert for malware and, depending on your version, will also allow you to remove issues. There are also host product add-ons, like Sucuri, that will find, fix and remove the malware. Then there are add-on features that provide firewalls to block and prevent the malware. Depending on your host service, some of these may be built into your web host plan.
At the least, you want detection, either added on yourself or included in your hosting, so you can see problem activity. However, I would recommend going a step above, to the level of a service that fixes and removes malware as well.
No doubt the firewall is even better, but it can cost significantly more so you have to evaluate your budget, priorities and what gives you the best peace of mind.
- Watch for warning signs. Just like when credit card thieves test with several small purchases to see if the stolen numbers will work, hackers can start small before a major attack.
Warning signs might be finding strange hyperlinks in blog posts that take your visitors to a site selling questionable products. Or having a bunch of new people sign up on your mailing list with numbers instead of a name. Or if things don’t seem to be working right or quite as well, don’t put it off and hope it will just get better. This leads me to the next point…
- Have a good customer service – tech support group with your website host. I have been managing my own website for over ten years and have encountered numerous issues and questions. My tech people have been, for the most part, not only incredibly helpful but lifesavers at times.
Make sure 24/7 phone support is included, staffed by people you can communicate well with.
One company that is highly ranked for their customer service is SiteGround. While I liked many things about them, I also found out they are based in Bulgaria. I don’t have anything against the country and the two people I spoke with had good English skills. However, I already find that there can be a gap in my non-expert tech speak and didn’t want to add another layer where there could be misunderstanding on complex issues based on language differences. So I chose to stick with my current host, which is Violet Host/GoDaddy and has American-based tech support.
- Be persistent if you do need help. You will get different answers and different levels of expertise from different people in the customer service group. The first person I talked with, who informed me of the hacking disaster, was not helpful, kind or even accurate, I later discovered. I took the information in, did some research and called back (several times) until I was getting the support I needed.
Turns out I was able to recover 95% of the content I had been told was wiped out or inaccessible. It took finding the right person who was willing to go above and beyond. Often there are solutions and answers. Keep digging until you can find the help.
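The two concrete warning signs named above (strange hyperlinks in blog posts, and mailing-list sign-ups with numbers instead of a name) can be checked automatically. The following is an added example, not code from the original post; the allowed host names, post contents and subscriber records are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Assumption: the only hosts your own posts are expected to link to.
ALLOWED_HOSTS = {"example-practice.test", "www.example-practice.test"}

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def unexpected_links(posts, allowed_hosts=ALLOWED_HOSTS):
    """Return (post_title, url) for every link whose host is not allowed."""
    findings = []
    for title, html in posts.items():
        for url in HREF_RE.findall(html):
            host = (urlparse(url).hostname or "").lower()
            # Relative links have no host and stay on your own site.
            if host and host not in allowed_hosts:
                findings.append((title, url))
    return findings

def numeric_name_signups(subscribers):
    """Return subscribers whose name contains digits but no letters."""
    flagged = []
    for sub in subscribers:
        name = sub["name"].strip()
        has_digit = any(c.isdigit() for c in name)
        has_letter = any(c.isalpha() for c in name)
        if has_digit and not has_letter:
            flagged.append(sub)
    return flagged

# Constructed sample data: post title -> post HTML, and mailing-list entries.
SAMPLE_POSTS = {
    "Spring newsletter": '<p>Read <a href="/about">about us</a> and our '
                         '<a href="https://www.example-practice.test/blog">blog</a>.</p>',
    "Five daily habits": '<p>Tips. <a href="http://cheap-pills.invalid/buy">best price</a></p>',
}
SAMPLE_SUBSCRIBERS = [
    {"name": "Maria Lopez", "email": "maria@example.test"},
    {"name": "48151623", "email": "x1@example.test"},
    {"name": "77 12", "email": "x2@example.test"},
]

if __name__ == "__main__":
    for title, url in unexpected_links(SAMPLE_POSTS):
        print(f"unexpected link in '{title}': {url}")
    for sub in numeric_name_signups(SAMPLE_SUBSCRIBERS):
        print(f"numeric sign-up name: {sub['name']} <{sub['email']}>")
```

Any external site you link to on purpose has to be added to the allowed hosts, otherwise it is reported as well; a finding is a prompt to look at the post or sign-up, not proof of a compromise.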
Hopefully these tips will not only help you better secure your website against getting hacked or corrupted, but also give you more peace of mind that you do have things in place.
Copyright © 2017 to present Jamie Durner, Holistic Business Mentor Coach @ holisticbusinessprosperity.com. All rights reserved.