Monday, March 14, 2011

How to Protect Your Websites & BLOGS From Hackers?



It’s a nightmare scenario. You go to your website only to find a nasty message from a hacker bragging about hacking your site. And nothing else. As far as you can tell your content is gone and you can’t even find a way to log into your Website, WordPress OR Blogspot dashboard.

Would your business survive your website being shut down, even temporarily?

Have You Really Been Hacked?

A lot of times people come to me saying, “My site’s been hacked,” when it really hasn’t. With Blog sometimes plugin conflicts can cause issues that seem to the user like a hacker has messed with something. This is most common when upgrading to a new version of blogging services if a plugin hasn’t been made compatible with the new version yet.

While that can cause your site to crash, it’s not caused by hackers.

Not only that, but most of the sites I’ve seen that have been hacked weren’t just taken down by them. Most of the malicious hacks I’ve seen involved injecting some code into the site, usually with the end goal to redirect site traffic to some other website.

The Symptoms

Without going into the details, it case was a little different. the  site actually showed an all white screen with an error message along the lines of a plugin conflict and the hacker just wanted to crash her site. Turns out he was into stealing something else.
 
Here are some things you can do to minimize the chances you’ll end up getting hacked and maximize the chances to fully recover quickly should your site crash (for whatever reason).

1. Use Strong Passwords.

Make your passwords not only hard to guess, but make them more difficult for sophisticated hackers to break as well. Randomly mix in special characters (found on the number keys with the shift button) as well as numbers and upper and lower case letters. Here’s what Wikipedia says about password strength.

Almost all Websites & blogging services cPanel will tell you how strong your password is. Stronger passwords offer better protection.

It also makes them harder to type in. That’s why I use 1Password to manage my passwords. I can use really strong passwords and I don’t have to remember them or type them in. 1Password will auto fill web forms for me. It’s the best of both worlds: good security & user friendly.

2. Keep Your BLOG/Website Updated.

One of the most common ways websites get hacked is because their owners don’t keep their software up to date. What happens is that older versions of WordPress can have know security weaknesses. These weaknesses are fixed by newer releases of the software.

But if you don’t update your software, you leave yourself exposed.

This also holds true with plugins and themes. Besides, the newer versions of websites make keeping everything up to date remarkably easy. There’s not much of an excuse to keep you from updating things.

3. Backup Regularly and Often.

A good backup can cover for a ton of other issues by making it possible to revert back to how things were before your site crashed. You need to back up your
  • Database
  • Theme Files
  • Plugins
  • Media Uploads
  • But the point is backup early and backup often!
Bottom Line

I don’t believe any site is completely “hack proof.” A determined hacker with enough resources can break into most anything. Just watch an episode of NCIS!

But if you do these three things you will greatly reduce your risk of being hacked and make it much easier to recover if you do run into a problem.

No comments:

Post a Comment