How to protect your site against hackers

The consequences of getting your website hacked range from slightly annoying, if your site is merely defaced, to totally devastating, if your site is a main source of income and it gets taken offline. How do these things happen, and what can you do to keep your site safe? You might ask yourself “How do I protect my site against hackers?” This post will provide you with some tips and advice on how to do just that.

How Do Hackers Hack?

Simply put, hackers find a vulnerability on your site and exploit it. This is done in one of two ways. They either come in the “front door,” by guessing your username and password, or they find a file they can write to and modify it with code that gives them a “back door” into your file system. Both of these things are done with automated software that scans the web looking for certain kinds of sites. When a site is found that matches the specified criteria, the software probes for known vulnerabilities and makes its way in.

Once your site has been compromised, getting it cleaned up requires advanced technical skills — expertise that rarely comes cheap.  If your site gets taken offline, either by the malicious code itself or by your hosting company trying to protect other customers, you could be looking at rush charges as well.

Protect Your Site – Always Lock The Front Door

Don’t wait until after you’ve been hacked to do something about it. A little prevention is worth a ton of cure. If nothing else, protect your site’s administrator account with a nonstandard login name and a hard-to-guess password. If you log in to your site’s dashboard with the username “admin,” you have done half the hacker’s job for him, because at that point, all he has to do is guess your password. Create a new administrator account with a name that’s impossible to guess, like “boss34gh12.” Then delete the old admin account and use the new one exclusively.

Make your password equally obscure. Experts recommend using at least eight characters, but more is better: go with 10 or even 12 to be safer. Mix it up with upper- and lowercase letters, include a couple of numbers, and throw in a special character or two for good measure, such as @, !, $, #, or &.

Store your new login either in your browser’s encrypted password vault or a third-party solution like RoboForm or LastPass. These browser plugins make logging in to any site as easy as a single click, no matter how obscure your username/password combinations. They can also generate those crazy passwords for you.
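The username and password rules above can be turned into a small generator and checker. This is an added example, not code from the original post; the function names are hypothetical, and the special-character set is limited to the five characters the post lists.

```python
import secrets
import string

# Character classes from the post's advice; SPECIALS is the post's own list.
SPECIALS = "@!$#&"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)
CLASS_NAMES = ("lowercase", "uppercase", "digit", "special")


def generate_password(length=12):
    """Return a random password with at least one character of every class."""
    if length < 8:
        raise ValueError("the post's minimum is eight characters")
    # One guaranteed character per class, the rest from the full alphabet.
    alphabet = "".join(CLASSES)
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters do not sit
    # in predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def audit_login(username, password):
    """Return a list of findings; an empty list means the login passes."""
    findings = []
    if username.lower() == "admin":
        findings.append("default administrator username")
    if len(password) < 8:
        findings.append("password shorter than 8 characters")
    elif len(password) < 10:
        findings.append("password meets the minimum but 10-12 is safer")
    for name, cls in zip(CLASS_NAMES, CLASSES):
        if not any(ch in cls for ch in password):
            findings.append(f"no {name} character")
    return findings


if __name__ == "__main__":
    # Constructed sample logins, not real credentials.
    print(audit_login("admin", "sunshine"))
    print(audit_login("boss34gh12", generate_password(12)))
```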

Get Expert Help

Protecting against the hacker’s ability to write to files on your server is much more complicated. Start by asking your web hosting company what they recommend. They know their server environment better than anyone, and probably have some precautions against hacking already in place. They also may offer add-on services you can purchase for extra protection, and they can probably refer you to third-party security companies who provide even more peace of mind. At the very least, they will probably have a checklist of “site hardening” activities you can perform yourself. These will vary depending on how your site is built. Give the list to your website administrator to review and implement.

Haydon Rouse

Haydon is a Local Property Expert for 99home. He is an expert at marketing and selling online. He genuinely wants to help you and provide exceptional service. Why? Because, when he achieves that, you will tell your friends about him. Haydon has been marketing and selling online for over 20 years. He has lived in East Kent all his life (cough... over 47 years.. cough), knows the local area like the back of his hand and has fantastic customer service skills. You can contact him here.


Elisa - 23 June, 2012

Very smart! It was a long time before anyone told me to do the simple change from using Admin as my username. I’ve been reading the posts on your site and it’s very impressive. I’m in Dean’s Quick Start Challenge too; you probably know that. I think I’ve seen you on my site already, and my blog is on your list.

I will definitely be back to glean from your words of wisdom,

Elisa

Bappaditya Mishra - 7 July, 2012

Another trick I found useful is to change the wp-login.php to your custom name, say for.
http://www.domain.com/donothack.php
