I was having coffee with a friend this week, shout out to Holly G , and we got into a conversation about web security. Getting hacked is no fun – you’ve got site downtime, panic to find someone to clean it up, and are left with a feeling of invasion and why me.
First, the why part – hackers actively seek websites to host and spread their malware. They want access to your server and to use your website as a vehicle. It has nothing to do with the type of business you have or the size of your business. Hacking has to do with access and reach.
Fortunately for you, there are 3 easy ways to keep your website protected. And by easy, I mean YOU can do them. And with knowing about them you can also make sure your web designer does them.
1. The Username and Password for your website must be unique. For a username do not use admin, your name, your biz name or any other easy to guess moniker. Hackers sit there all day just plugging in “admin” and taking a guess at your password. Your username should be something unique just like your password. Use a password generator to create a totally unique sequence. Passwordsgenerator.net is one resource and choose a 16 character mix of letters (upper & lower), numbers, & special characters. Is it a total pain for you to remember? Yes it is but you can come up with a work around – use a password manager. I also like to come up with a personal phrase and then tweak it to get my mixed up string of characters. So for instance a sentence like: Living in the Garden State could be turned into L!^itG@RD3n$t@8 – this is a secure password that you will remember because of the personal prompts. If you use passwordgenerator.net, it also creates a sentence to go along with your password to help you remember.
2. When using plug-ins for you website, do your research. Choose a plug-in that is well known and has a lot of installs. If there are two Instagram feed plug-in choices one with 200,000+ installs and the other with 200, go for the strength in numbers. When it comes to plug-ins you must keep them updated. Often times outdated plug-ins are how hackers access your site. Hackers know about those back doors and exploit them. Plug-ins are updated so often because holes have been fixed. Do not ignore the little red circle on your WordPress dashboard.
3. Keep the backup of your website on another server other than the one hosting your website. I talk about one of the tools to use to do this here. This is important because hackers can gain access to your website through un-updated plug-ins. When a copy of your website is left on the server un-updated, you are leaving a big hole for a hacker to hop into. Plus, if your website is hacked you’ll need your files thoroughly cleaned. Having a safe, accessible, backup copy of your website to restore makes this process much quicker. Quicker means less downtime for your business. And if you aren’t backing up your website at all… tsk tsk. I’ll cover that in detail for you in a post upcoming.
These are just 3 easy steps you can take to keep your website safe. Put them on your list of things to do, check your current website to make sure it is up to snuff, and reach out in the comments if you have any questions.