Hackers are lurking out there in the internet running scripts to search for websites with vulnerabilities that they can hack into.
You might not think that hackers would be interested in your website. But they are.
What motivates hackers?
Top 4 reasons why hackers hack
- Notoriety
- Some thrive on the prospect of being the one who takes down a high profile website
- A source of esteem or value
- Some think they are making the internet a better place by taking down a poorly secured website to punish the people who left it so poorly protected and teach them a lesson
- Some like to create chaos or to cause harm or panic, interrupt normal activities, or destroy important data
- The thrill of the game or the challenge
- Not everyone can be a hacker. They take pride in their suite of software tools, knowledge and the capability of the hardware they use
- Potential for a pay day
- They like to take over a website, reach into private networks, and steal or scramble the data and then demand a payment to undo the damage they have caused
- Or they might take over your most popular pages without you noticing and fill them with links and get paid a few cents for every click
Your website is an essential communication method between you and your stakeholders, so the prospect of it being taken down by a hacker can be distressing.
It’s worth putting attention and resources into protecting your website against hacking.
Here at CreativeQ we take security very seriously, and apply our security protocol to every website that we look after for our clients.
Here’s a list of 10 things you can do to protect your website against hacking:
- Ensure your SSL certificate (https://) is in place and automatically renews
- Your SSL certificate encrypts the data flowing to and from your website and your web browser will indicate one is in place with a small padlock beside your website address
- Ensure the following is kept up to-date at all times (if you are on WordPress):
- WordPress core
- Plugins
- Theme
- PHP version
- That someone on your team is responsible for testing the site on occasion
- If you have great clients sometimes they’ll point out problems to you, but it’s good to spot them yourself first
- Set-up uptime monitoring
- This catches catastrophic failure and sends you an email alert. Most software is US$10 – US$20/month
- Some systems can be set to alert you if a particular word is missing (or added) to your website (such as a sentence you have on your homepage)
- Customise the location of the admin login page from the default /wp-admin/
- This makes it harder for hacking bots to find
- Ensure your usernames are a combination of letters and numbers instead of peoples first names
- Again, so it’s harder for bots to guess
- Ensure your passwords are strong
- 10 – 20 characters. A combination of letters (both upper and lower case), numbers and characters
- Again, so it’s harder for bots to guess
- Set most of your users to “Editor-level” access so they don’t have access to core code and settings
- If their login is compromised, it can’t be used to change essential code
- Ensure you have a reputable security plugin in place
- With features such as: Malware scanning, Firewall, IP address blacklisting and more
- Ensure you have a website backup protocol in place
- At the server level, account level and installation level
- Restoring your website to a backup point is often the first step to restore your website after a hack
The idea is to make it so hard for your website to be hacked that the hackers move on to find another victim elsewhere.
Here at CreativeQ we protect all our clients from hacking and downtime using this list as a base.
We have a few additional protections on top, but we can’t share those with you because we don’t want the hackers to find out what they are!
We hope this article has been of help.
Hacker image credit: https://www.storyblocks.com/