Protect Your Website From Hackers

 

Websites are considered the official online presence of a business. However, websites sometimes get hacked, whether you have an HTML website built from scratch, a Content Management System (WordPress, Joomla, Drupal), or a cloud DIY builder (Wix, Squarespace, Weebly). A hacked website can hurt your business through lost website visitors, stolen private customer data, malware infections on visitor devices, and lost online transactions. Hackers use bots to scan websites and detect which ones have security holes, especially in out-of-date CMS plugins and themes.

A few common types of hacking include:
• Denial-of-service attacks: Hackers send a large amount of spam traffic at once.
• Brute-force attacks: Hackers will test millions of username/password combinations at once.
• SQL injection: Hackers will inject malicious code into a web form and submit it to the website.
• Social engineering attacks: A hacker manipulates a user into divulging private information, such as a website admin panel password, by pretending to be a legitimate business partner.

Possible effects on the website:
• Website becomes an email relay for spam
• Website serves malware to unsuspecting visitors
• Website redirects to undesirable pages
• Website is defaced with references to porn, drugs, and illegal activity
• Website is mined for private information

Consequences:
• Lost visitors
• Lost e-commerce sales
• Lowered search engine rankings
• Lost time getting the site back up
• Visitor identity theft
• Lost/stolen data
• Blacklisting on anti-virus software and web reputation websites
• Ruined brand reputation

Actions to take for all websites:
• Create strong passwords for login pages: To secure access to your hosting and/or website login, make sure your passwords use a mix of letters, numbers, and symbols. Also, store the passwords in a password manager, such as LastPass.
• If you get a random request for your hosting or website admin panel login information, follow up with your webmaster.
• Don't store confidential information directly on the site: A skilled hacker can scan your website and extract your information through an unrepaired security hole. If you're collecting private data from clients, such as patient information for a healthcare practice, link to a separate portal secured with an SSL certificate. The portal should also be compliant with data security regulations, such as HIPAA and PCI.
• Use HTTPS if possible, especially if your site has e-commerce capability.
• Use a VPN to access any hosting and website admin panels on public Wi-Fi. The public Wi-Fi you access in a cafe or airport is not secure and is subject to spying by a nearby hacker.
• Ensure that the computers used to manage the website are scanned with anti-virus software regularly.

If you have a static HTML or CMS website (WordPress, Joomla, Drupal):
• Realize no website is too small for hacking: Owners of small business websites tend not to update and patch their websites very often. Hackers are able to use software to detect unpatched websites quickly, and then attack the site through security holes.
• Use a security application: A cloud web application firewall, such as SiteLock, Cloudflare, or Sucuri, can block spambots before they reach your website. If you have a CMS website, you have the option of installing a plugin, such as Wordfence for WordPress or Centrora Security for Joomla.

If you have a CMS website:
• Don't use the default username: Using the default username, such as admin for a WordPress website, makes it much easier for a hacker to guess your login information by testing numerous passwords in seconds.
• Change the website admin login address: Make sure to customize your login page URL and limit login attempts. On a WordPress website, you can change your website login address to a customized URL of your choice. For example, yourwebsite.com/wp-admin can be changed to yourwebsite.com/your-new-login.
• Control user role privileges on your website admin panel: Administrators have full control over content, users, settings, themes, and more. Reserve administrator access for owners and webmasters. For the rest of your users, you can give them the privilege to create, publish, and/or edit content.
• Keep the CMS platform, plugins, and themes up to date: CMS platforms, such as WordPress and Joomla, work around the clock to ensure security vulnerabilities are closed. Make sure to update CMS software to the latest version as it becomes available.
• Be selective when choosing plugins: A CMS plugin repository has a seemingly endless array of plug-and-play functions available, such as contact forms, page builders, e-commerce, and slideshows. Make sure to check when the extension was last updated. If the last update was from a couple of years ago, the developer might not be working on the plugin anymore. Also, the plugin should have high reviews (4-5 stars) and thousands of installs listed.
• Remove unused and unsupported plugins: People tend to test out plugins and leave the rejects installed. If you tried out a plugin and it did not function well on your website, delete it.
• Enable CAPTCHAs on your forms: CAPTCHAs can prevent spam submissions on your registration, contact, and comment forms. Traditional contact forms require visitors to solve a CAPTCHA by entering numbers and letters displayed on a small image. However, Google simplified this process by creating reCAPTCHA software that only requires visitors to select the "I'm not a robot" checkbox.
• Keep backups of your website: Most web hosting companies will keep daily backups of your website ranging from two weeks to a month. You'll also want to have additional backups available by using a plugin to automatically send copies to a cloud provider (such as Amazon Web Services). If you get hacked, you can ask your webmaster to restore your website to the latest working version available and then repair the vulnerability.

To learn more about our IT services, contact us at 877-794-3811.

 
