How to protect your site against hackers
The consequences of getting your website hacked range from slightly annoying, if your site is merely defaced, to totally devastating, if your site is a main source of income and it gets taken offline. How do these things happen, and what can you do to keep your site safe? You might ask yourself “How do I protect my site against hackers?” This post will provide you with some tips and advice on how to do just that.
How Do Hackers Hack?
Simply put, hackers find a vulnerability on your site and exploit it. This is done in one of two ways. They either come in the “front door,” by guessing your username and password, or they find a file they can write to and modify it with code that gives them a “back door” into your file system. Both of these things are done with automated software that scans the web looking for certain kinds of sites. When a site is found that matches the specified criteria, the software probes for known vulnerabilities and makes its way in.
Once your site has been compromised, getting it cleaned up requires advanced technical skills — expertise that rarely comes cheap. If your site gets taken offline, either by the malicious code itself or by your hosting company trying to protect other customers, you could be looking at rush charges as well.
Protect Your Site – Always Lock The Front Door
Don’t wait until after you’ve been hacked to do something about it. A little prevention is worth a ton of cure. If nothing else, protect your site’s administrator account with a nonstandard login name and hard-to-guess password. If you log in to your site’s dashboard with the username “admin,” you have done half the hacker’s job for him, because at that point, all he has to do is guess your password. Create a new administrator account with a name that’s impossible to guess, like “boss34gh12.” Then delete the old admin account and use the new one exclusively. Make your password equally obscure. Experts recommend using at least eight characters, but more is better — go with 10 or even 12 to be safer. Mix it up with upper- and lowercase letters, include a couple of numbers, and throw in a special character or two for good measure, such as @, !, $, #, or &. Store your new login either in your browser’s encrypted password vault or a third-party solution like RoboForm or LastPass. These browser plugins make logging in to any site as easy as a single click, no matter how obscure your username/password combinations. They can also generate those crazy passwords for you.
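If you would rather script this than rely on a plugin, the sketch below is an added example (not code from the original post) that generates a login name and password following the advice above and checks an existing pair against it. The function names are hypothetical, the special-character set is the one listed in this post, and the default names other than “admin” are an assumption.

```python
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIALS = "@!$#&"  # the characters this post lists; widen if your site allows more
# Only "admin" comes from the post; the other names are assumed common defaults.
DEFAULT_NAMES = {"admin", "administrator", "root"}


def generate_password(length=12):
    """Random password with at least one character from each class."""
    if length < 8:
        raise ValueError("the post's minimum is eight characters")
    classes = [LOWER, UPPER, DIGITS, SPECIALS]
    alphabet = "".join(classes)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the OS random source so guaranteed characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def generate_admin_name(length=10):
    """Random login name of lowercase letters and digits, starting with a letter."""
    rest = "".join(secrets.choice(LOWER + DIGITS) for _ in range(length - 1))
    return secrets.choice(LOWER) + rest


def meets_policy(username, password, min_length=12):
    """Return a list of problems with a credential pair; empty means it passes."""
    problems = []
    if username.lower() in DEFAULT_NAMES:
        problems.append("login name is a well-known default")
    if len(password) < min_length:
        problems.append(f"password shorter than {min_length} characters")
    for label, cls in (("lowercase", LOWER), ("uppercase", UPPER),
                       ("digit", DIGITS), ("special", SPECIALS)):
        if not any(ch in cls for ch in password):
            problems.append(f"password has no {label} character")
    return problems


if __name__ == "__main__":
    name, pw = generate_admin_name(), generate_password()
    print(name, pw, meets_policy(name, pw))
```

The `secrets` module draws from the operating system's random source, which is what makes the output suitable for credentials; Python's plain `random` module is not.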
Get Expert Help
Protecting against the hacker’s ability to write to files on your server is much more complicated. Start by asking your web hosting company what they recommend. They know their server environment better than anyone, and probably have some precautions against hacking already in place. They also may offer add-on services you can purchase for extra protection, and they can probably refer you to third-party security companies who provide even more peace of mind. At the very least, they will probably have a checklist of “site hardening” activities you can perform yourself. These will vary depending on how your site is built. Give the list to your website administrator to review and implement.