There are volumes that can be written about internet security, however in this brief blog post, I’m going to attempt to cover the basics of keeping your website secure.
Whenever you have code, there are always opportunities for vulnerabilities. Opportunities for hackers to compromise your scripts and gain access to your data, alter your website, or send SPAM from your site.
If your website is written in proprietary code, you often have a bit of advantage in that the hackers aren’t able to see your code to know where the vulnerabilities are. However if you’re running a packaged software (WordPress, Vbulletin, Zen Cart etc…) then the hackers are able to obtain that software, the same as you, and thereby can see and study the code to know where the weaknesses are. So you are more likely to be hacked running popular scripts.
Developers of these scripts, like WordPress, generally do a great job with keeping a pulse on the community and becoming aware of these vulnerabilities and fixing them in a timely manner, however to patch these issues, you must keep your software up to date.
If you are running outdated versions of software on your website, and vulnerabilities are known, then you are a sitting target just waiting for hackers who seek out sites running old versions of common software to attack.
And you can’t stop with just updating your software scripts, you have to make sure that all your plugins, themes and modules are all up to date, because each and every script or file on your website, has the potential to be an open door to a hacker if there is a vulnerability.
Next, and often overlooked, is the importance of complex passwords. You should avoid the obvious, like “password” or “1234” but also dictionary words in general. Scripts can hack simple dictionary word passwords in no time at all. Even the trick of replacing certain letters with numbers, like replacing an “o” with a zero can be hacked in days. The most secure passwords are strings of random words together, like “CorrectHorseBatteryStaple” and it becomes even harder to crack if you throw in some capitalization, numbers and special characters.
Lastly, no form of security will be 100% foolproof. There’s always a chance that your data could be compromised. So frequent and regular backups are essential. Make sure you keep multiple sets, like a daily, weekly and monthly, so if your site was hacked, you can roll back to a version prior to the hack. Keep in mind that sometimes you don’t realize you’ve been hacked, so last night’s backup might be compromised as well. You might need to go back a week or more.
Keep in mind if you have been hacked, and you restore from a backup, make sure you update things and take effort to avoid getting hacked again. If you simply restore and take no action, you will likely continue to be a target.