It’s the stuff of nightmares. You try to access your small business’s website, but it’s gone and in its place is a page proclaiming allegiance to Pakistan (that really happened to a business owner we know). Or you notice it now has links to websites that are selling “genuine” Rolex and Breitling watches that you definitely didn’t put there (just talked to a prospective client with this problem this morning). Worse yet, because your site now has these malicious links, Google decides to stop indexing your site and no one can find it in searches.
No matter how small your business, someone has probably tried to hack into your website in the past 30 days. All of the websites that we monitor have hack attempts every month. Some have hack attempts every day or even every hour, regardless of the size of the company or website.
What can you do to prevent a website hack attack? While no method is 100% foolproof, there are steps you can take to minimize the risk:
- Update your website’s software. Always upgrade to the latest version of your blog, shopping cart, etc. Sites built with WordPress, for example, must be upgraded to the latest version of WordPress in order to be as secure as possible. Other tools/plugins in your site must also be updated to the latest version. Not sure if your site is being upgraded? Contact your website developer or website host.
- Create hard-to-guess usernames and passwords. If your site has a Content Management System, like a good portion of sites these days, one of the easiest ways to hack into your site is to just… log in! If your username is “admin” and your password is “12345”, I can guarantee that you will be hacked at some point. Change your username to something other than “admin” and your password to something random, preferably with at least 12 characters. Yes, that is a pain, but you can use a service like LastPass to help.
- Have security programs installed on your site. If your site is built with WordPress, for example, there are several plugins that can be installed to monitor hack attempts and block hackers. A security plugin like Wordfence will block the IP address of someone who keeps trying to log into your site’s backend with an incorrect username and/or password. It will also alert you if your site is under a “brute force attack”, where a hacker is using a software program to try hundreds of username and password combinations in a short amount of time to get into your site. Many security plugins also allow you to run malware scans, which will alert you if any known malware has been inserted into your site.
- Avoid using software that does not receive updates. If your site was built on software that is not being updated on a regular basis, it may be vulnerable to compromise. For example, if your site was built using a website development company’s proprietary Content Management System, but that website development company is no longer in business or is not maintaining the software regularly, consider having your site rebuilt using regularly updated software such as WordPress, Joomla or Drupal.
- Make sure you have a recent backup of your website. This practice won’t prevent your site from being hacked, but it will eliminate headaches if your site does get hacked. A hacked site can be restored with the backup. If you make a lot of changes to your site, you’ll need to have regular backups made. You can talk to your website developer about scheduling backups. Most hosting companies also offer backup services.
The bottom line is that you need to be in contact with your website developer or website host to make sure that your website is being monitored, scanned, backed up and updated. This level of maintenance will usually involve a monthly fee, but in my opinion you should consider it part of your marketing budget and the cost of doing business.