How to Prevent Website Hacking – Top 10 tips
One of the worst experiences a business can have is for their website to be hacked. Consider the loss to your business if your website security was breached.
Suddenly clients can’t book in or buy your services and products, because they are getting sent to Viagra sites instead. Depending upon the attack, sites can be down from days to weeks. How can you prevent website hacking?
These are the top 10 tips on either preventing your site from being hacked, or limiting your downtime if you are attacked:
Virus Software installed and running.
It is still surprising that this still needs to be stated but you need to have an up to date virus checkers on your computers. Double check that is actually running on your machine, that it is set up to automatically get updates (as new viruses are being created every day), and it has regular automatic scans scheduled. Don’t make an assumption, make sure it is happening.
Update your WordPress Site
Set up a time to regularly go and check your site for WordPress updates, plugin updates or theme updates and then update them all. Hackers will be trying to get in through those areas and some of those patches will be security updates to overcome any loopholes that hackers are using. Schedule your WordPress security to weekly if you have all your other protection in place.
Strong Passwords
To have strong passwords generally means they aren’t easy to remember so utilise a password tool – for example 1Password. That means you only have to remember one password but all your sites have very secure passwords and are different for each login.
Don’t use “admin” username
Do not use admin as your username as that is the first password they try to break, if you do have it then you should change it. As a double check do a regular check of the Users in your WordPress site. In particular, checking for Administrator users, these should only be the ones known to you.
Reliable WebHost
Choose a reliable WebHost. They should have their finger on the pulse of problems at large, if there are mass security breaches and they should be taking action to prevent those problems.
Have a SiteMap and let Google know about it
A SiteMap just shows how the pages are connected on your website. It isn’t a preventative measure but if you are hacked, having it in place with Google will help your website be up and running sooner. You are basically giving Google an ongoing cheat sheet, so Google can re-crawl and indexed your site. It isn’t stated, but it is likely that it moves your site up the priority list. There are plugins that you can get for “Sitemap XML generators”, one is called Yoast, which is mainly put in place for SEO purposes, but it does a site map as well. Once the sitemap is in place you need to alert Google by going to the Google Search Console and add your sitemap URL.
Web Application Firewall (WAF)
Prevent brute force attacks by putting a Web application firewall in place, it should try and stop common attacks such as cross-site scripting (XSS) and SQL injections where hackers try to put code onto your site. A WordPress plugin that can do this is called Jetpack, and it also is useful for the next two tips. It costs but like virus protection is important. If you do put Jetpack in place then choose at least the premium subscription. And like all plugins once added, make sure you activate it.
Monitor for Malware
Your website should have a plugin that protects and checks your site from Malware (malicious attacks, trojans and viruses). Jetpack can take care of malware protection and monitoring, or there are other plugins such as Malcare that are available.
Website Backups
Have regular, preferably scheduled backups occurring for your website. If the attack is found early enough you can just go straight to backups. Jetpack premium has that option, but your webhost provider might also offer this as part of their service.
SSL certificate – Https://
Hopefully you already know to look for the little lock in your browser, for anytime you want to provide financial information to a webpage. It means there is an extra layer of encryption in place between the client’s computer and your website. It is wise to put it in place for your website, set up a SSL certificate so that you are using https for your site. This used to be expensive, but some providers are now providing free and automated certificates. Work with your hosting site on putting it in place. The extra benefit is that Google likes https and it will probably benefit your SEO. There is also a detrimental effect to website visitor numbers if it isn’t in place as Google Chrome put a update out in July 2018 that alerts website visitors if you don’t have a SSL certificate installed and that can scare off some potential customers.
Prevention is definitely better than cure when it is applied to your site security. If you follow these suggestions then you will increase the chances at securing your website from hackers. More software tips are available at www.youtube.com/c/autom8now
