Let’s be honest: even the largest corporations in the world, with highly experienced teams managing their website security, still get hacked!
Unfortunately, there is no real way to guarantee your website will never get hacked, but there are some healthy security measures every website owner should be aware of, as they can reduce the likelihood of a hack and possibly even discourage attempts from occurring.
Choosing strong passwords is a simple measure that is often overlooked. Choose strong, unique passwords for each aspect of the website you have access to, e.g. website admin, database and server. A strong password should have a minimum of 12 characters and be a combination of alpha and numeric, upper and lower case characters and symbols. Ensure your password is not guessable and do not share it with anyone who is not an administrator. Passwords should be changed frequently; however, recent research shows that changing passwords too often can also compromise security, so changing them at least every six months is recommended if you already have a strong password (see: https://www.wired.com/2016/03/want-safer-passwords-dont-change-often/).
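The password rules above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit that applies the stated rules (12 characters, upper and lower case, digits, symbols) to each account and flags passwords reused across the website admin, database and server. The function names and the sample passwords are constructed for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length stated in the article

def policy_failures(password):
    """Return the list of article rules that the password does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures

def audit(credentials):
    """Check each account's password and flag reuse across accounts.

    credentials maps an account name to its password. Returns a dict of
    account name -> list of problems (an empty list means the rules are met).
    """
    report = {name: policy_failures(pw) for name, pw in credentials.items()}
    # Group accounts by case-folded password so that reuse which differs
    # only in letter case is still counted as reuse.
    seen = {}
    for name, pw in credentials.items():
        seen.setdefault(pw.casefold(), []).append(name)
    for names in seen.values():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                report[name].append("reused on: " + others)
    return report

# Constructed sample values for illustration only; never hard-code real passwords.
SAMPLE = {
    "website admin": "Summer2016",
    "database": "summer2016",
    "server": "t7#Kq!vR2m@Lx9",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", problems or "meets the article's rules")
```

Passing these checks does not make a password unguessable; it only confirms the length, character mix and uniqueness rules listed above.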
If you have hired a company to maintain your website, maintaining the software should be included in the fee you are paying them. If you are a company managing your website in-house, then it’s important to ensure that you are familiar with the software used in the development of your website, so that you can stay up to date on the latest versions and update your website accordingly.
Open source CMS platforms often release updates to their software and their active communities also release updates to plugins. Remove any old plugins and ensure the ones you keep are updated with each new release. If you’re not comfortable managing this aspect of your website, you can hire a website development company to do this for you.
Another simple measure that you can request from your web developer is to rename your admin folders. Because hackers can use scripts that target admin or login directories, renaming the folders to a more random term is a simple way to throw hackers off.
For mid-tier to smaller businesses run by individuals, a cloud-based web application firewall is a good security option that doesn’t come with a hefty price tag and won’t require you to hire security experts. These applications are designed to monitor incoming traffic and then remove any malicious requests. This protects against a range of threats, from spam to brute force attacks and many others.
HTTPS is a secure communication protocol using encryption measures to transfer sensitive information between a web server and website. To date, HTTPS has most widely been used for e-commerce websites, where it has been necessary to facilitate online transactions. In addition to security, Google has recently created an incentive for more websites to use HTTPS by announcing that its use on a website will also be a search engine ranking factor.
If your website does get hacked, you can always restore from a backup. However, client data on the site may be compromised and new transactions or updates may be lost, not to mention the time investment needed to clean up files and to locate and remove any hidden scripts that have been installed, which could result in recurring hacks.
Prevention is always better than cure, so we encourage you to take the necessary steps to protect your website and prevent a hack attack!