It’s not the ‘80s anymore.
While once upon a time, hackers were seen as the pinnacle of geek chic, now they’re widely seen as a nuisance at best, and a serious threat to your content marketing strategy at worst.
There are all kinds of reasons someone might want to hack your website.
- They might want to access your customers’ files
- They may wish to plant malware on your site to steal your files or use your website to hack other computers
- They might just want to bring your site down for the fun of it.
Regardless of the reason behind hacker attacks, the threat of getting your site ripped apart by strangers is constant and ever-close.
For that reason, you might want to consider some of the following tips for keeping your website as secure as possible.
Keep Everything Up to Date
If there’s one thing hackers definitely aren’t, it’s lazy.
- Many hackers are constantly working to find bugs or exploits in common website coding, attempting to spot new ways to gain access to secure files.
This has led to a perpetual war between cyber-criminals and security experts:
- Hackers find an exploit within a website that lets them get through its security
- Security teams patch or update their infrastructure to prevent its use
- Hackers begin searching for another weak spot in the security.
In practical terms for you, this means that the systems your site runs on are constantly being updated. Sometimes these updates will add new features, but more often, they’ll be updating to keep out hackers.
To keep your site from being a target for hackers, it’s your responsibility to make sure that every time a plugin update becomes available, you make use of it to maintain your security.
Most of these can be set to update automatically, but you need to ensure that this is happening to avoid leaving an easy access point for cybercrime.
Don’t Make Things Too Obvious
Have you ever left your door keys under the welcome mat outside your house, or under the front wheel of your car?
I hope not – if so, I’d recommend you stop doing that.
I’d also recommend you stop doing the digital equivalent, by making it a little more difficult for hackers to find a way in.
If you’re using WordPress, one thing you can do to make it more difficult for hackers to log into your account is to change the default admin username.
- By default, the standard WordPress login is ‘admin’, giving hackers a place to start when trying to get into your account.
You can easily change your admin account by creating a new user, then deleting your admin account.
Giving the new user administrator access will mean that this new account will have full access to everything.
You can also migrate all content to a new username when you delete the old one. You’ll be asked if you want to attribute all content to a different user.
Be warned that if you don’t do this, all content from the username you’re deleting will be erased.
Beyond this, it’s also smart to use security questions that can’t be easily guessed.
- If the answer to your security questions can be easily found through research, they’re not as secure as you might hope.
- They’re also going to let you down if your answer is too common – for example, if the name of your first pet was Fido, don’t use that as an answer.
- Of course, if you can’t remember the answer to your security question, it’s not going to do you much good either.
Aim for a question that has a very specific answer which you haven’t discussed online. That way it’ll be more secure, and easier to remember in five or ten years.
You might also find it useful to set up a dedicated email address for password resets.
- It’s increasingly popular for people to use their names for email addresses, which makes it easier for hackers to guess your email.
- Using a special email address that doesn’t contain any distinguishing features to keep track of your accounts means it’ll be harder for hackers to stumble upon your password reset.
In most cases, hacking isn’t personal. If a hacker runs into opposition when trying to get into your site, they’ll give up and move on to try another website.
Use Secure Passwords
I’m not going to patronize you.
- We all know by now that ‘password’ is not a secure password.
- Neither is ‘PaSSWorD’, ‘password1234’, or ‘p4ssw0rd’.
Hopefully it goes without saying at this point that one big part of not making things too easy for cybercriminals is having a secure password that isn’t too obvious.
In spite of this, though, it’s still incredibly popular for people around the world to use incredibly simple or easy to guess passwords online.
Here are a few of my favorite most common passwords from 2015:
- ‘starwars’ (hey, the hype last year was powerful!)
I hope by this point that it goes without saying that if your password is on the above list, you should change it.
There’s more to passwords than avoiding common words, though – it’s also important to be sure that computers can’t be set up to automatically break down your password.
This is why it’s recommended that a good password has uppercase and lowercase letters, as well as numbers and other characters.
- Computers can easily search for common words within your passwords, but the more different kinds of characters you use, the more difficult it is for a machine to stumble across the right combination.
- Longer passwords are also advised – the more characters in your password, the longer a computer will have to spend working to come up with the right combination by trial and error.
The comic above points out that the longer a password is, the more secure it is – although I wouldn’t recommend using words in a password at all.
- It’s better to use gibberish – a series of letters that could mean anything but which could be an anagram or something that’s easier for you to remember.
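To make the points above about obvious passwords, character variety and length concrete, here is a small checker, added as an illustration and not part of the original article. The word list, the substitution table and the 60-bit threshold are assumptions chosen for the example.

```python
import math
import string

# Constructed sample list: passwords the article itself names as weak.
COMMON = {"password", "starwars"}
# Undo the usual look-alike substitutions before comparing.
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "3": "e",
                      "1": "i", "$": "s", "5": "s"})


def normalize(pw):
    """Lowercase, drop trailing digits/symbols, reverse substitutions."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def pool_size(pw):
    """Number of characters a trial-and-error search must try per position."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """log2 of the search space; only meaningful for randomly chosen characters."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0


def assess(pw, min_bits=60):  # min_bits is an assumed threshold
    """Return 'common', 'too short' or 'ok' for a candidate password."""
    if normalize(pw) in COMMON:
        return "common"
    return "ok" if brute_force_bits(pw) >= min_bits else "too short"


if __name__ == "__main__":
    for sample in ("PaSSWorD", "password1234", "p4ssw0rd",
                   "qzvkhtpw", "qzvkhtpwmxnrjd", "qZ7!kH2#tP"):
        print(f"{sample:16} {brute_force_bits(sample):5.1f} bits  {assess(sample)}")
```

The three variants of ‘password’ are all caught as common, while the random strings pass only once length or character variety pushes the search space past the threshold.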
There’s another problem that comes along with passwords: if you’re using the same password for multiple accounts, you might want to reconsider doing so.
Finally, if you’ve got the option to limit the number of password guesses a single computer can make, it’s best to do so.
This will stop hackers from trying thousands of times to get into your website.
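One way such a guess limit can work, shown as an added sketch that is not from the original article: count recent failed logins per client address and refuse further attempts once a cap is reached. The cap of 5 failures, the 15-minute window and the sample events (using documentation-range addresses) are assumptions.

```python
import time
from collections import defaultdict, deque


class LoginLimiter:
    """Block a client after max_failures wrong passwords within `window` seconds."""

    def __init__(self, max_failures=5, window=900.0):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # client address -> failure times

    def attempt(self, client, password_ok, now=None):
        """Return 'blocked', 'ok' or 'denied' for one login attempt."""
        now = time.monotonic() if now is None else now
        recent = self.failures[client]
        # Forget failures that have aged out of the window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            return "blocked"  # the password is not even looked at
        if password_ok:
            return "ok"       # earlier failures simply age out
        recent.append(now)
        return "denied"


def replay(events, limiter):
    """Feed (time, client, password_ok) tuples through the limiter."""
    return [limiter.attempt(client, ok, now=t) for t, client, ok in events]


# Constructed sample: one address guessing once a second, one normal user.
SAMPLE_EVENTS = (
    [(t, "203.0.113.7", False) for t in range(7)]
    + [(10, "203.0.113.7", True),      # right password, but still locked out
       (10, "198.51.100.20", True),    # unrelated visitor is unaffected
       (905, "203.0.113.7", True)]     # window has passed, access restored
)

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, LoginLimiter())):
        print(event, "->", result)
```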
Two Step Verification
A further step of security you can use to avoid unwanted visitors to the inside of your website is two step verification.
- With this system, in addition to logging in with your password, you also have to prove your identity through use of a second device.
The most common second device is a phone – setting up two step verification for your site means that whenever someone tries to log into your website’s admin area, you’ll be sent a text message with a code.
- Enter the code on the site, and you’ll gain access to your website.
- If you get a text when you’re not expecting it, you know someone’s trying to access your site illicitly.
Two step verification is useful because it means only you can gain access to your site, and you’ll be alerted to potential hack risks in advance.
It’s relatively easy to set up on a variety of online services, so I’d really recommend using it for extra peace of mind.
Just be careful to keep your phone from being stolen, as obviously this compromises your site.
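The site's side of the text-message step described above can be sketched as follows. This is an added example, not code from the article or from any particular service; the 6-digit code, 5-minute lifetime and 3-try limit are assumptions, and actually sending the text is left out.

```python
import hashlib
import hmac
import secrets
import time


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def issue(now=None, ttl=300, tries=3):
    """Create a login challenge. The code goes to the phone, the rest stays on the server."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(1_000_000):06d}"  # unpredictable 6-digit code
    challenge = {"digest": _digest(code), "expires": now + ttl, "tries_left": tries}
    return code, challenge


def verify(challenge, submitted, now=None):
    """Accept the code once, before it expires, within the allowed number of tries."""
    now = time.time() if now is None else now
    if challenge["tries_left"] <= 0 or now > challenge["expires"]:
        return False
    challenge["tries_left"] -= 1
    # Constant-time comparison so timing does not leak how close a guess was.
    ok = hmac.compare_digest(challenge["digest"], _digest(submitted))
    if ok:
        challenge["tries_left"] = 0  # a used code cannot be replayed
    return ok


def wrong_guess(code):
    """Helper for the demo: a 6-digit string guaranteed to differ from code."""
    return f"{(int(code) + 1) % 1_000_000:06d}"


if __name__ == "__main__":
    code, challenge = issue(now=0)
    print("wrong code  :", verify(challenge, wrong_guess(code), now=10))
    print("right code  :", verify(challenge, code, now=20))
    print("replayed    :", verify(challenge, code, now=30))
    late_code, late = issue(now=0)
    print("after expiry:", verify(late, late_code, now=301))
```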
Choose a Protective Site Host
It’s important to note just how crucial it is to get a secure website host.
Often instead of attacking you personally, cybercriminals will look to take down an entire website hosting service, affecting all users of their services.
This can lead to:
- Losing sensitive data
- Website downtime
- Malware injected into the code of your site.
What’s worse, all of these things can happen regardless of the level of security you’re maintaining on your site if your web host isn’t as careful about security as they should be.
As a standard rule with web hosting, you get what you pay for:
- Cheaper services often cut corners in order to lower their prices, which is why they’ll often not have the highest possible level of security.
To be sure that you’re getting solid security from your web host, look for a host with the following services:
- A Secure Data Center
- Data Backup (more on this later)
If a host is promising a high level of security, it’s worth doing some digging to find out exactly what they’re using and how secure it is.
Just be careful: having a secure host doesn’t make your site invincible, it just protects against some threats at a server level.
Even with a secure hosting service, you still need to do everything you can to keep your site from being hacked.
One of the more popular tricks hackers use involves spreading virus-laden download content that injects malicious code into your website.
- Once in place, malware can crack your site open for hackers to steal your data
- Alternatively, malware might be used to infect the computers of people who visit your website – this will hurt your business and may see your site treated unfavorably by Google and other search engines.
Malware can come in many forms, but it typically requires you to actively welcome content onto your computer. This can include:
- Email attachments
- Website downloads
As a rule, unless you’re certain you can trust a source, don’t open a document or file that is presented to you online.
- Naturally, it also helps to have up-to-date virus protection on your computer.
There’s no perfect solution to avoiding malware, but as long as you’re keeping away from suspicious websites and exercising a little common sense in approaching unsolicited emails and downloads, you should be able to avoid the dangers of viruses that could bring down your site.
Regularly Back Up Data
Everything else I’ve talked about up to this point has been about protecting your site from people who might want to do it harm.
Ultimately, though, it’s impossible to completely safeguard against hacks.
- Even the biggest companies in the world, with expensive security systems in place, are subject to hacks.
- It only takes a quick look at the Sony hacks of 2014 to highlight that nobody is safe from cybercriminals.
So while it’s important to protect your site, it’s also important to have a contingency plan in place just in case something goes horribly wrong.
One of the best things you can do to alleviate the damage that hackers could do is regularly back up your entire site.
- This means that if a hacker does make their way into your site, you don’t lose much content.
- You can easily restore an older archived version of your site to remove malware, replace missing content, or overcome the aftereffects of the hack.
There are plenty of options available for backing up your website.
- If you’re using WordPress, it’s possible to manually back it up.
- There are also plugins available that back up your site automatically.
By keeping archived copies of your site, you’ll be able to minimize the damage that a hack can do and get things working again as quickly as possible.
Be Safe and Use Protection
A hacked website can really ruin your day and put a damper on your plans for content marketing.
If you’re smart and careful, though, you can dramatically reduce the chance of having your site successfully targeted by cybercriminals.
What methods of website security would you recommend? Have you ever been the victim of hackers? Let me know your thoughts in the comments below.