One of the worst days in any business is Fix Our Hacked Website Day. That is truly is a no-good, very bad, not-fun day at the office. On that day, the company website, which should be as reliable as a lamp or a faucet, becomes a major problem. Dealing with a hacked website can be time consuming and expensive. So if you own a website, please take action on these security tips so you can avoid Hacked Website Day at your business.
As the CEO of Hunter Marketing Group, we manage branding and advertising for businesses of all sizes.
As part of that mission, we create and host many WordPress websites. We are very proud of our work, but it is our attention to website security that keeps that work active and productive.
NO COMPANY IS IMMUNE TO HACKING ATTEMPTS
Many of the world’s most prominent companies have experienced significant data breaches. Customer data has been compromised from Yahoo, Google, Facebook, Anthem, Target and many other companies that are household names. It’s tempting to think that the biggest companies are the biggest targets.
But being smaller than one of these giants does not protect you. Hackers have developed tools that automate the process of disrupting and infecting websites.
TYPES OF WEBSITE HACKS
Here are just a few of the ways that these malicious geeks cause harm:
• Denial of service attacks – In a DOS (denial of service) or DDOS (distributed denial of service) attack, hackers use bots to send so many requests to a server that it becomes overwhelmed and crashes. Unlike other types, DDOS attacks are focused on taking a website or server down rather than gaining access.
• Brute force login attacks – In these attacks, hackers use software to try to log into your website. Their scripts cycle through username and password combinations. Once they are logged in, they can steal customer information or add malicious software that will spread viruses to website visitors’ devices.
• Non-targeted website attacks – When hackers find a vulnerability in website software, it can give them access to your website. In these cases, your site was not specifically targeted. But the vulnerability in your software allows a hacker to compromise your site.
TIPS TO KEEP YOUR WEBSITE SAFE
Website security is a technical subject. But in truth, there are common-sense tactics that can improve the security of your website. Here are a few tips that any business owner can do to help keep a website safe:
• Keep regular backups – Your website host needs to be making regular site backups for you. Backups can be set to run automatically. In case of a website crash or hack, restoring from backup is a lot less effort than rebuilding your website.
•Add a SSL certificate – A SSL, or Secure Socket Layer Certificate, is an additional security measure that is added through hosting. This certificate improves the security of the information passed from and to your website. When a website address begins with “https://”, it has a SSL certificate. Earlier this year, Google began listing sites without a SSL certificate as Insecure in the Chrome browser next to the website address for every visitor to see. SSL certificates are not expensive and are a necessary step to keep your website secure.
• Administrator username security – Hackers use software to try to guess your administrator username, since the administrator can control every bit of your site. They may try millions of usernames but the first one they try is “Admin.” Please don’t ever use “Admin” as a username for your website. It gives up half of your username/password combination so easily! Use a hard-to-guess username that is not “Admin.”.
• Password security – I like to joke that if you can remember your password, it’s probably not secure enough. Hackers use software that will guess any word, word combination or common phrase. Another mistake is reusing the same password for multiple applications. In that case, a breach of any service can lead to a breach of all your services. Website security requires unique, complex passwords. And longer passwords are harder for hackers to crack than shorter ones. Most websites have password generators that create unique passwords. Use that tool to create a more secure password. And, if you find it hard to manage these complex passwords, there are handy password management programs that will help you keep it all straight.
• Only use software from trusted sources – There are many professional developers who put out great software for websites. But there are many others who are less capable, less careful or who don’t maintain their code. Before you install software on your website, review the company’s website to make sure that they are reputable and that they are releasing updates to their software. If you use WordPress, the WordPress repository provides information on the software, the frequency of updates and any issues that users have reported.
• Keep website software updated – There are several types of software that make up a website. The CMS, or content management system, is the primary software that powers your site. WordPress is the most popular CMS today, powering about a third of all sites on the web. The website also has a theme, which gives the site its design. Finally, website plugins are pieces of software that add functionality to websites. Website software releases occur on a regular basis. What are these updates? They are bug fixes, security patches and new functionality. If your software is premium (not all is), you will need to maintain active, paid subscriptions with the theme or plugin manufacturers. To keep your website safe, update your software as it is released. If you fail to keep your software up to date, hackers can attack your site through known vulnerabilities. Failure to update software is one of the most common and most preventable ways by which sites can become compromised. Please keep your software up to date. If someone is managing your website for you, make sure they are regularly updating the software.
• Consider professional website hosting – If you don’t want to or don’t feel that you can handle these tasks, hire a professional website host. Premium website hosting is not prohibitive in cost. Let someone manage security for you.
Hackers are a fact of life. But by being careful and consistent, you can avoid Fix Our Hacked Website Day at your office.
Ben Laifsky is the CEO of the Hunter Marketing Group, a Henderson marketing agency that provides brand and web design, search and social media marketing and video production.