
Within the past year, the number of websites compromised by hackers has increased by 180 percent according to Google. In my work, I’ve also seen a rise in the number of hacked client websites. While there is no guarantee that your website can be made hacker-proof, what are some smart ways that you can increase your protection?
Don’t think it won’t happen to you.
One false belief I have encountered is that because you’re a small business or a church or a community group, you won’t be a target for hackers. While it is true that more malicious hackers work with the intent of bringing down government, corporate, or financial websites, small-time hackers simply want to disrupt websites because they can. Often, they may not even know that they’ve hacked your website in particular. Their clever little automated code does the dirty work for them.
Think of your website like a house. We work to keep doors and windows locked as best we can, but hackers are simply going from door to door, turning each knob to see if they can get in. Sometimes it is as simple as an unlocked door, but other times, they’re looking for other vulnerabilities that we don’t know about: an old, unlocked coal chute, perhaps. So our goal is to secure our houses the best way we know how.
Keep your software updated.
More than any other weakness, I have personally seen that websites are most often hacked because of a vulnerability or security hole in their software. Many software updates are released to patch these discovered vulnerabilities. Since most of my clients use WordPress on their websites, I can advise that any time you see a number in a red-orange circle next to the “Updates” menu in your administrative area, you have something outdated, and fixing that as soon as possible is highly recommended. Before you update, be sure to back up your website first! (Read why here.)
Strengthen (and change) your passwords.
While weak passwords have not been a primary cause of hacked sites in my experience, it’s still important that your passwords are strong, long, and unique. In a nutshell, a strong password mixes uppercase and lowercase letters, numbers, and symbols. The longer the password, the longer it takes to crack. (In fact, length is often a more important factor in safety than the mix of characters it uses.) Also, passwords should never be repeated from site to site or app to app, and they should be changed frequently. Make sure that any passwords connected to your website, whether WordPress, your web host, or your FTP account, are all strong, long, and unique.
Use security monitors and scanners.
Google Search Console (formerly Webmaster Tools) is a free service from Google to help you understand and improve your website from Google’s perspective. Additionally, it will often notify you when you might be hacked before you’d find out on your own. You can set up a free account here.
If you’re on WordPress, you can use plugins like Sucuri or Wordfence to scan your website regularly for problems, in addition to locking out attacks on your login system (where hackers try all sorts of username and password combinations very quickly to hit the right one). Both services have free and subscription versions that can alert you to problems early on.
Some web hosts and other companies also provide security scanning for non-WordPress websites.
Be smart.
Keeping on top of your website through updating your software, strengthening your passwords, and scanning for vulnerabilities will go a long way to deterring ne’er-do-wells from damaging your site…and disrupting your business.
Image courtesy of Colin (Creative Commons license).