Preventing your website from being hacked
The last thing that any website owner wants or needs is to become the victim of a malicious hacking attempt. Hackers target computers or websites for a variety of reasons, which may include stealing client data, financial information, passwords, emails or quite simply because they like causing disruption…
A hacked website can often redirect people to another web address, display disturbing graphics to users, distribute malicious files or send spam emails from your domain to name but a few effects. Quite worryingly though, in some instances, it may not show any visible signs!
Luckily, there are a number of things that you can do in order to prevent your site being hacked. These are as follows:
1) Create strong passwords for all entry points to your website.
2) Make sure any computer connecting to the site (via any entry point) is regularly checked for viruses and spyware. There are certain malicious programmes that can either monitor key presses or search your history to obtain access details. We recommend using the free programme Ad-Aware by Lavasoft.
3) If you are using a dynamic site, ensure that the software you are running is the most up-to-date version. Developers are constantly fixing loopholes in their software, so by staying up to date you reduce the risk of exposure. One suggestion is to associate your website with Google Webmaster Tools, which will automatically email you if your software becomes out of date.
4) Ensure you are running the most up-to-date software on your computer. This is often overlooked, but a common cause of hacking is people using outdated Java engines or browsers, for example.
5) Validate all input fields. If you have any contact forms on your website, then you should ensure these are validated before being allowed to be submitted. Check they are the correct size, and contain the correct types of information.
6) Do not keep sensitive information on your web server. Web crawlers will often index files whether you want them to or not… if you must keep information on your server, attempt to stop it being indexed using robots.txt. Bear in mind that robots.txt only asks well-behaved crawlers to stay away and is itself publicly readable, so it does not restrict access; use the access controls in point 7 for that.
7) Control access to files and directories using ‘file permissions’ and ‘.htaccess’. You may need to ask your web developer to do this, but basically you need to ensure that only files essential to the display of your website are accessible. Lock down everything else as per your developer's instructions.
8) Choose a reliable web hosting company. There are many other security issues relating to the hardware / software that your site is running on. It is the hosting company’s responsibility to maintain their servers and keep them up to date and protected. We recommend Unlimited Web Hosting to our clients, as they are fast and reliable. We host several sites with them and have had no issues. Whichever company you choose, be sure to look at their customer ratings before signing up with them.
9) Take regular backups. Most hosting companies will take regular backups going back several days and maybe up to a week. However, there is nothing to stop you keeping your own backups (every 2-4 weeks). If you are hacked, often all you need to do is revert to your backup and everything is sorted (be sure to delete all existing files). The further back your backups go, the more chance you have of a pain-free restore.
10) Use a programme to monitor your site. We previously mentioned Google Webmaster Tools; if installed and associated with your site, it will automatically send you an email if it detects malicious code. There are also free sites available that will scan your site every X minutes and send you an email if it's unreachable. We recommend Montastic for this.
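To illustrate point 5, here is an added example (not code from this article) of server-side validation for a contact form, checking each field for size and type before the submission is accepted. The field names, length limits and the `validate_contact_form` function are assumptions chosen for illustration.

```python
import re

# Constructed limits for a hypothetical contact form with three fields.
MAX_LEN = {"name": 80, "email": 254, "message": 2000}
MULTI_LINE = {"message"}  # only this field may contain line breaks
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def validate_contact_form(form):
    """Return (cleaned, errors); reject the submission if errors is non-empty."""
    cleaned, errors = {}, {}
    for field, limit in MAX_LEN.items():
        value = form.get(field)
        if not isinstance(value, str):  # absent, or a list where text is expected
            errors[field] = "missing"
            continue
        value = value.strip()
        # Single-line fields accept no control characters at all, line breaks included.
        allowed_ctrl = "\r\n\t" if field in MULTI_LINE else ""
        if not value:
            errors[field] = "empty"
        elif len(value) > limit:  # correct size
            errors[field] = "too long"
        elif any(ord(c) < 32 and c not in allowed_ctrl for c in value):
            errors[field] = "control character"
        elif field == "email" and not EMAIL_RE.fullmatch(value):  # correct type
            errors[field] = "not an email address"
        else:
            cleaned[field] = value
    extra = sorted(set(form) - set(MAX_LEN))
    if extra:  # fields the form never offered
        errors["_form"] = "unexpected fields: " + ", ".join(extra)
    return cleaned, errors


if __name__ == "__main__":
    # Constructed sample submissions: one valid, one failing several checks.
    samples = [
        {"name": "Alice Example", "email": "alice@example.com", "message": "Hello,\nplease call me."},
        {"name": "A" * 81, "email": "not-an-email", "message": ""},
    ]
    for sample in samples:
        print(validate_contact_form(sample))
```

Run the same checks on the server even if the page also validates in the browser, since browser-side checks can be bypassed.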