Imagine the feeling of finding out your website had been lost overnight… What impact would that have on your marketing, your sales and your sanity?
This happened to Phil, one of our clients recently…
Monday afternoon I received an email with a subject “We’ve Lost Our Websites, HELP!?”. Two of his websites had been hacked on his 1&1 hosting and they were down.
My initial reply was to ask 1&1 to restore a backup from a few days ago.
After a few emails with 1&1, their response was that all the site files were gone and only the database remained… “Sorry, but you will need to rebuild your websites”
Imagine how you would feel reading that email!
I know for a fact I would be absolutely devastated, the thought of it makes me feel sick! Our website is a major cog in our marketing wheel. I’ve spent easily over 200 hours on our site, when you add the original build time and all the ongoing updates, landing pages, SEO etc. This time and effort relates to at least £10,000. That’s a big investment to lose.
I think I would go home, lock myself in a dark room and cry for a week!
Based on Phil’s experience I’ve been inspired to write this post on helping you to secure your website and protect yourself from those dastardly hackers!
Most of this advice relates more to WordPress sites – as the biggest platform on the planet it is more prone to attack than most but I have seen Magento and Joomla sites taken down overnight due to being hacked or attacked with spam traffic.
1. Web hosting.
This is an area I see a lot of business owners skimp out on and it massively shocks me. Especially when you consider how important a website is and how big of an investment they can be.
Sorry to say but a £39 a year hosting package isn’t going to buy you a good web hosting package.
Most hosting companies will offer backups as part of their service, free or for an additional fee.
We offer 30 days of backups on all our hosting as part of the fee.
These are crucial to have and can cost from as little as £7 a month on your original package.
I would stress if you don’t do any of the following points in this post, consider this one the most important.
If you have backups and you are hacked or you break your site with an update, at the worst your site can be restored to a previous date with just a few clicks.
If you’re looking for reliable hosting, I can’t recommend TSO HOST enough. They’re a UK-based company with powerful cloud hosting, and their support is second to none.
Companies I’ve had bad experiences with in terms of being hacked and bad support are: Heart Internet, 1&1 and Digital Ocean.
2. Username and password.
Make sure you have a unique username and password.
Especially on WordPress.
The most common username on the net is admin.
When you combine this with a weak password like letmein or 123456 you’ve just given a hacker a wet dream.
Make your password stronger than this.
Something like this for example MattLoves_Cake16!
Throw in an Uppercase Letter, a Symbol and a number or two.
Or you can use something like this.
3. Update your CMS plugins and security patches.
If you don’t update your CMS and plugins you are more prone to security attacks. When you receive security updates, action them as soon as possible to ensure your site is current, and functioning as well as it can.
Warning… Be careful. If you have kept on top of this and have updated your website version and plugins regularly, your updates will go smoothly.
However, if you are jumping from a very early version of WordPress, for example from 2012 to the latest update, there is a good chance you will break your site.
4. Add a security plugin
There are a few plugins available that help add an extra level of security to your website.
I use and recommend one called https://www.wordfence.com/.
It’s kind of like a parental figure nagging you to do the basic chores – update your plugins, change your password etc but it keeps nagging you until you do it.
You can also set login attempt limits – This is a great thing to do to avoid brute force attacks.
It also gives you interesting insights into how often your site is being targeted and from where.
This is a WordPress plugin and has a free and paid version available.
5. Block dodgy traffic to your website
Have you looked at your Google Analytics recently and seen traffic from things like buttons.share.com?
If you take a look at your GEO tab inside Analytics you’re likely to see traffic from places such as Russia, China, Brazil and Thailand. These are very common sources of dodgy spam attacks and blocking it can prevent dodgy links and potential attacks.
You can block these links inside Analytics by using filters. Bear in mind that an Analytics filter only removes this traffic from your reports; it does not stop those requests from reaching your site. Please see the image below to see an example of the filter we have set inside our analytics.
Don’t become a victim of the hackers. All it takes is a little time and thought to make you safer online.
As the internet grows and technology advances these issues are going to become more frequent. By following some of the advice in this blog post you’re a lot less likely to experience the same disaster as Phil.
If you have no clue on how to update a plugin or reset your password – Speak to your IT department or web guy and get them to put these things in place.
Be safe out there
Your Web Security Officer
P.S. Based on Phil’s experience I’m now thinking of offering a simple support and hosting package. Please let me know if this is something you’d be interested in.
P.P.S. – If you have any security advice you feel is valuable or have a story similar to Phil’s – plugins, web hosting etc. – please share in the comments below.