The Anatomy of a Website Hack
Hackers are a real threat to all websites and a serious concern for the Your Web Pro crew. We work hard to keep our customers secure and strong online. With proper updates and security measures in place, the chances of your website getting hacked are tiny. Like most things, however, when a website is neglected it becomes less secure and less useful for your customers. We recently encountered three instances of websites being hacked. All three had to be cleaned up and secured. Here are a few takeaways from these experiences and how you can work to keep your website safe online.
Keep Your Core CMS Updated
One of the most important things you can do is keep your core website software up to date. WordPress is the most popular website platform, making it a huge target for hackers. In the three recent events, WordPress was not a factor in any of them, but other CMS systems were. All CMS systems have ongoing updates until they reach an EOL (end of life). At the EOL point you must either accept the risk of running at an increasing level of insecurity or start rebuilding on a new CMS. The point here is to run updates as long as you can, then plan the rebuild. Most CMS systems will give you an EOL timeline so you are not taken by surprise when the day comes.
Run Regular Backups and Offsite Them
This is something that can’t be repeated enough. You need to run regular backups of your website and offsite them. This applies to your local computer just like your website. If your host allows it, automate the backup process, but check it frequently to make sure it works. Of the three recent events, two were on hosts with missing or broken backup processes. They each took hours to restore. One was on a host with a solid backup plan. Restoring that to a pre-hack point took about 10 minutes.
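One way to automate the "check it frequently to make sure it works" step, as an added example (not code from Your Web Pro or any hosting provider): a Python check that the newest backup is recent, not suspiciously small, fully readable, and contains the files a restore needs. It assumes backups are gzip-compressed tar archives named *.tar.gz in one directory; the thresholds and the required file names are hypothetical and should match your own site.

```python
import tarfile
import time
import zlib
from pathlib import Path

# Assumed values for illustration; tune them to your own backup job.
MAX_AGE_HOURS = 26                          # nightly backup plus a grace period
MIN_SIZE_BYTES = 1024                       # smaller than this is a failed dump
REQUIRED = ("index.php", "database.sql")    # files every usable backup contains


def check_latest_backup(backup_dir, now=None, max_age_hours=MAX_AGE_HOURS,
                        min_size=MIN_SIZE_BYTES, required=REQUIRED):
    """Return a list of problems with the newest archive (empty list = healthy)."""
    now = time.time() if now is None else now
    archives = sorted(Path(backup_dir).glob("*.tar.gz"),
                      key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    latest = archives[-1]
    info = latest.stat()
    problems = []
    age_hours = (now - info.st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"{latest.name}: newest backup is {age_hours:.0f}h old")
    if info.st_size < min_size:
        problems.append(f"{latest.name}: only {info.st_size} bytes")
    names = set()
    try:
        with tarfile.open(latest, "r:gz") as tar:
            for member in tar:
                names.add(Path(member.name).name)
                if member.isfile():
                    # Read every byte so truncated or corrupt data is detected
                    # now, not during an emergency restore.
                    stream = tar.extractfile(member)
                    while stream.read(1 << 20):
                        pass
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append(f"{latest.name}: archive unreadable ({exc})")
        return problems
    for name in required:
        if name not in names:
            problems.append(f"{latest.name}: missing {name}")
    return problems
```

Run it on a schedule against the offsite copy, not only the copy on the web server, and alert whenever the returned list is not empty.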
Use a Good Host
Leading on from the backup issues is the need for a good host. Not all hosts are created equal. You might save money on a bargain hosting account, but you will likely lose money on the issues that account causes. It is much better to spend more on a good host with good backup functions and support than to spend ten times that on a cleanup. In fact, one of the three recently hacked accounts is almost certainly a host-level server breach, but they won’t admit to that and we can’t get those logs from them. Eeek.
Use Strong Passwords
Use strong passwords that you cannot remember and cannot type in. They should be at least 12 characters and even longer is better. Use a combination of upper-case and lower-case letters, numbers, and symbols. Never use a word and never an easy, common string. Just recently I was helping a customer configure an email account. He wanted the password to be “12345” and I advised that the email account would be hacked – and that is the truth. Simple passwords will be guessed in no time. Hackers are banging on accounts around the clock to get into your stuff.
A few simple things will keep you more secure online. Sure, there are other measures, but following these will take you a long way and likely save you a major headache down the road. If you are unsure about your status on any of these for your website, just get in touch. We will help you fill in the gaps.