7 Tips on Preventing Your Website from Being Hacked
It happens far too often than we think. Whether it’s the dreaded discovery a well-known website has been hacked, compromising sensitive user data, or a small business finding out its site is being used for nefarious purposes.
Large or small, all websites are vulnerable to being hacked. While many small business owners think that they’re too small to target, it’s actually the opposite; hackers will frequently go after smaller businesses with fewer cybersecurity measures in place. The threat to small businesses is very real and not something to ignore.
At the top of the list of vulnerabilities is sites built in WordPress, which account for 90% of all website cleanups in 2018, according to Sucuri.
The Dangers of Not Protecting your Systems
It’s easy for a small business owner or entrepreneur to think it won’t happen to them. Oftentimes, they are too busy with the day-to-day operations of the business and do not realize even their small site is at risk.
But the dangers of doing nothing are alarming. Cybercriminals can:
- Take your site hostage and demand a ransom fee to get it back online.
- Break into your database and steal customer information.
- Deface your website and put inappropriate pictures, links or text on it.
- Submit malicious code through forms to deliver viruses and other harmful code to visitors who enter your site.
- Use your email server to send spam through your server.
- Set up a temporary web server to serve files that are illegal in nature.
As a business owner, it’s important to understand these dangers and know what needs to be in place in order to minimize your risk of being compromised. Not only that, but if your site is targeted, customers aren’t going to be pointing the finger at the hackers; they’re going to be pointing it at you.
Do know that cyber attacks are nothing personal. No one is specifically out to get you. The most common form of hacking is done through automated scripts or bots that are written in a way that scour the internet in search of vulnerabilities that can be breached and maligned.
To prevent your website from falling victim to such attacks, take a look at these top tips and keep your website and business safe.
How To Protect You And Your Website from Hackers
-
Keep your Website Platforms and Scripts Updated.
If you use a CMS (Content Management System) such as WordPress, Drupal, or Magento etc., it’s important to install updates as they become available.
The creators of these platforms find and fix security holes that will leave your website vulnerable to attack, so it’s essential that you have the latest updated version of the software.
The same applies for shopping cart systems, forums, plugins and scripts that facilitate extra functionality on your site.
-
Install an SSL Certificate.
An SSL (Secure Sockets Layer) certificate protects the data being submitted to your website by encrypting it as it travels from the web browser to your web server, making it much harder for hackers to intercept and malign.
Not only does an SSL protect your data, but it also invokes a sense of security for your customers when they go to purchase. You will probably lose sales if you don’t have an SSL installed.
In fact, recently Google has made it all but mandatory to have your website SSL secure, by not only giving site owners a small SEO ranking benefit but also displaying a very prominent warning message in its Chrome browser if a website is not secure, causing users to be concerned if visiting the site.
Since Google Chrome holds about a 63% market share in web browsers, this is something you can’t ignore. You don’t want to risk sending your website visitors away because they don’t trust their experience with you being safe.
-
Secure File Uploads and Web Forms.
While allowing users to upload an image or other file to a website or form can add interactivity, it also allows a way for malicious scripts to be uploaded to your server.
Ensure security measures are in place that check submitted items from users to check if they’re safe before uploading them to your website server.
It is possible for hackers to fill out a contact form and place malicious code into the name or email fields.
Having a tech person review your website can protect you from leaving this door open to hackers.
-
Install a Web Application Firewall.
A firewall monitors all traffic to and from your website and serves as a barrier between servers. Nefarious attacks can be blocked from infiltrating your website files when a reputable firewall application is used.
-
Set Up Strong Passwords.
While many people are learning the importance of strong passwords, some still leave their usernames at ‘admin’ or set simple passwords like ‘password123.’ Or, they use the same password for every online account they have, whether it’s online banking or a social media account.
Passwords like first names, pet names and simple words are easy to guess. There are algorithms hackers can use to easily figure out your user ID and/or password when either are very simple.
Adding numbers, symbols, and capital letters to a password makes it harder to expose. Plus, many password management programs can help you generate a random, hard-to-guess password.
It may seem inconvenient to have to memorize a more complex password, but doing this to avoid being hacked is totally worth the effort.
-
Lock Down Your Directory and File Permissions.
It’s important to have someone with technical expertise review your hosting server directories to make sure the read, write and execute permissions are set in a way that allows for maximum security.
Look at folders, directories and individual files to review their settings to make sure your website is as secure as possible from harmful attacks.
-
Set Up A Generic Website Error Page.
If you have a portion of your website where users need to log in with a username and password, be careful what information you share on the error page.
For instance, if someone is trying to log in and gives the wrong username, it’s better to have a generic error message that says, “wrong username and password combination”. This way, you’re not providing would-be hackers any clues to guessing the login credentials.
Having the ability to lock a user from trying to log in after too many failed attempts can also safeguard your website.
Make a Point to Review Your Website Security Today
Not only is it vital to have the above-mentioned security protocols in place, but you should also have a consistent maintenance and backup plan operating. Sadly, even the most secure websites can get hacked and serious harm can be done. Ensuring your website is fully backed up can bring a lot of peace of mind knowing your site can be brought back online quickly.
If you feel uncomfortable doing a security review yourself, hire professional website development firm do it for you.
To your business success,
Susan Friesen
P.S. If you liked what you read here, you will want to sign up for our newsletter where you’ll get notified every week of our blog posts, announcements and business-building strategies. Click here to also receive our free website guide: www.UltimateWebsiteGuide.ca