You may not think your website is worth a hacker’s attention, but small business websites are hacked all the time. Hackers aren’t always out to prank you or block your site; often they want to hijack your server.
What would they use your server for? A few things…it could be a spam relay, a temporary server that’s not easy to trace, or a simple fileserver to distribute illegal files.
Hacking is often performed by automated scripts–or “bots”–written to crawl the internet looking for known vulnerabilities in websites. If they hit your site and infect your server, you could find yourself with a site that’s been blacklisted by Google or shut down by your hosting provider.
Here are some simple tips you can use to help keep your website safe.
Keep your software up to date.
It may not be obvious, but website software has to be updated regularly…even more often than your iPhone…to keep one step ahead of security issues. If you’re using a managed hosting solution (most national hosting providers fall into this category) then they’ll handle server software updates. But it’s up to you or your developer to keep the website software itself up to date.
Use a secure password.
You’ve heard it from everybody, but the most common passwords of 2014 were still “123456” and “password”. (I’ll stand back while you slam your head into your desk.) SECURE YOUR PASSWORD!
The standard suggestions still ring true: Keep it long. Use a mix of letters/numbers/symbols. Don’t use your username.
Don’t use default user names.
WordPress is the most often used CMS out there. Every new WordPress site has the default user name of “admin”. Over 90% of the time we’re alerted to a hacking attempt on a WordPress site, the user name the hacker has tried is “admin.” (We receive, and successfully block, hundreds of such attempts every day.)
If you’re using a CMS that doesn’t have a default user name, make sure you set up a unique user name to begin with.
Don’t ask for more access than you need.
If you’re working with a developer who maintains your site, let them manage your access levels. Many end users have asked us for top-level administrator access to their sites, but we try to discourage it. Every high-level login that exists is another potential security hole. Your developer will be able to advise you on the proper level of access. You don’t want to clean up PHP and CSS files anyway…and that’s probably the only access you’d gain.
If in doubt, hire it out.
Web security is a tricky subject. A good development firm will stay on top of industry news, large-scale hacking attempts, and software updates. It’s a full-time job to defend and protect a website. You wouldn’t go against the IRS without your accountant and a lawyer. Don’t go against a web of hacker-bots without your developer.
If you have any additional questions, please let us know. It’s what we’re here for!