Let’s face it, even the largest corporations on the planet, with highly skilled teams of people managing their website security around the clock, have still fallen prey to hackers!
The truth is, no one can guarantee your website will never ever get hacked. There are however some simple, yet effective security measures every website owner should be aware of, to ensure the overall health of their website. These measures alone can significantly reduce the likely hood, and possibly even deter hacks from occurring altogether.
1. Keep your website secure with secure passwords
This is a simple measure that is often overlooked. Choose strong, unique passwords for each aspect of the website you have access to e.g. website admin, database and server. A strong password should have a minimum of 12 characters, be a combination of alpha and numeric, upper and lower case characters and symbols. Ensure your password is not guessable, and do not share it with anyone that is not an administrator. Passwords should be changed frequently, however recent research shows that changing passwords too often can also compromise security, so at a minimum at least every six months is recommend if you already have a strong password ( see: https://www.wired.com/2016/03/want-safer-passwords-dont-change-often/).
2. Ensure your website software is up-to-date
If you’ve hired a company like iNNsite, to maintain your website, software updates should be included in their website maintenance package. If you are a company managing your website in-house, then it’s important to ensure that you are familiar with the software used in the development of your website, so that you can stay-up-to date with the latest versions and update your website accordingly.
Open-source CMS platforms often release updates for their software. Their active communities also release updates to plugins developed for these CMS’s. Remove old and outdated plugins, and ensure the ones you keep are updated with each new release. If you’re not comfortable managing this aspect of your website, you can hire a website development company to do this for you.
3. Re-name admin folders and throw hackers off
Another simple measure that you can request from your web developer is to re-name your admin folders. Given hackers can use scripts that target admin or login directories, renaming the folders to a more random term is a simple way to throw hackers off.
4. Rent a cloud based web application firewall
For mid-tier to smaller businesses run by individuals, a cloud based web application firewall is a good security option that doesn’t come with a hefty price tag and won’t require you to hire security experts. These applications are designed to monitor incoming traffic and then remove any malicious requests. This protects against a range of threats from SPAM to brute force attacks and many others.
5. HTTPS – Hyper Text Transfer Protocol Secure
HTTPS is a secure communication protocol using encryption measures to transfer sensitive information between a web server and website. To date HTTPS has most widely been used for e-commerce websites where it has been a necessary to facilitate online transactions. In-addition to security, Google has recently created an incentive for more websites to use HTTPS by announcing that its use on a website will also be a search engine ranking factor.
If your website does get hacked, you can always restore from a backup however, client data on the site may be compromised; new transactions or updates may be lost; not to mention the time investment to clean up files, to locate and remove any hidden scripts that have been installed, which could result in recurring hacks.
Prevention is always better than cure, so we encourage you to take the necessary steps to protect your website and prevent a hack attack!