Here is the final installment in our Hacking and Malware series. Previously we discussed why hackers hack, and what to do if your site gets hacked. In this post, we’ll discuss ways to keep this whole hacking thing from ever happening in the first place. Believe us, preventing it altogether is much easier than the treatment.
Stay Up To Date with Updates
One of the most important things you can do to prevent your website from getting hacked is to keep your site updated. This includes plug-ins, your content management system, apps and scripts. Minimize your risk of getting hacked by keeping your site up to date. The best part: making these updates usually doesn’t take much time at all.
Use HTTPS
An SSL certificate secures the transfer of data such as credit cards, contact and personal information. Search engines are taking website security very seriously: Google Chrome released a security update last year that lets visitors know if your site doesn’t have an SSL certificate. Your site may even be ranked lower in search results without one. The cost is minimal and completely worth it for the security it provides.
Use Secure Passwords
Believe it or not, the most popular password from 2018 is still 123456, followed by the word ‘password.’ One weak password in your company can lead to a security breach, so set expectations and parameters for employee passwords. Don’t use your birthday, your kids’ names, or anything else easy to guess. You can use a password generator, or take four random words and put them together. Example: HedgehogSpoonFlowerRefrigerator. Add in some numbers or special characters and you’ve got a pretty solid password.
Toughen Up Access Control
Admin access to your website equals access to all the things you don’t want hackers to get their hands on. Ensure your company is following these best practices:
• Usernames that aren’t obvious and strong passwords
• Limit the number of login attempts during a certain period of time
• Never send login details by email, because emails can be hacked as well
• Delete unused users from your site
Tighten Network Security
Employees in your company could allow access to hackers, without even knowing it. We hope it goes without saying that no one should click on email links that they don’t trust, or download files from shady sites. But there are other less obvious ways that employees could make it easy for hackers to gain access. Follow these guidelines to tighten your network security:
• Always use strong passwords
• Change passwords frequently
• Logins expire after a short period of inactivity
• All devices scanned for malware when plugged into the network
Get Website Security Tools
Website security tools can make it more difficult for hackers to get into your site. Such tools scan for vulnerabilities and provide reports for a variety of security tests. Different products provide different reporting, such as SQL injection, blind SQL injection, PHP code injection, malware, and blacklisting. Check out this list of free tools to scan your site for vulnerabilities.
Watch Your Email Transmission Ports
Another target for hackers isn’t your actual website, but your email. There is a quick and easy way to see how secure your email transmissions are. Go to your email settings to see which ports you are communicating through.
• If you communicate through the IMAP Port 143, POP3 Port 110, or SMTP Port 25, your email transmissions are NOT secured.
• If you communicate through IMAP Port 993, POP3 Port 995, or SMTP Port 465, your email transmissions ARE secured through encryption.
Encrypt Your Data
Encrypting your own and your customers’ data is essential. This way, if a hacker does access your files, they will only access streams of unintelligible characters. Easily installed, affordable software now provides government-grade encryption. Read more about some of the best options for 2019.
Backups
Always always always have a backup of your site. A website backup is a snapshot of your website that should include the following:
• Website code files
• Website databases
• Images and files used on the site
• Plug-ins, add-ons, and themes used by your site
In the event that your site is hacked, the more recent and complete the backup you can restore, the better. Without a reliable backup, you will have to rebuild the entire site. The more frequently you back up your site, the easier it is to ensure a recent copy of your site, and not have to rebuild it from scratch.
The Real Geek Stuff
There are other, more technical things you should do to protect your site, that may not make sense to the average Joe. Unless you have some IT experience, these might be areas you wish to consult a professional for guidance (example: Think of your friends at Blindspot). These include:
• Install a Web Application Firewall
• Shield Your Website Against SQL Injection
• File Upload Best Practices (Or not allowing uploads at all)
All the precautions in the world can’t 100% guarantee that your site will never get hacked. What these preventative measures can do is greatly reduce the likelihood that a hack will happen, and if it does, it won’t be as devastating as it could have been.
Did you miss the first two installments of our Hacking Series?
Read Part 1: Why Do Hackers Hack?
Read Part 2: Has my Site Been Hacked? What Do I Do Know?