A Growth Industry
Recently the number of sites being hacked or infiltrated has risen rapidly. We see a lot of distraught site owners who have had their sites damaged, experienced a loss of rankings, or had data stolen.
Use Protection
Although most good hosting companies will protect their servers (and usually your site to some degree) it is very important to understand that you are responsible for your own site.
Take this analogy: You can use the strongest safe in the world, but if you leave the door open and someone empties it, you cannot blame the safe manufacturer.
Hacked Huh?
Before we offer you some simple tips, it is worth understanding a few basics about the different kinds of hacks, their purpose and how they can affect you.
We want to go into detail at this stage, but the number of exploits and the number of different types are increasing. Some of the most common include: XSS, SQL Injections and defacing
Staying up to date is a full time job, but like most types of crime, being prepared and protecting yourself should give you a better chance of weathering a storm should it happen.
So without further ado, here’s a basic primer on protecting your site from being hacked when it’s on shared hosting.
Simple Security Tips
1. Keeping Software Up to Date
If you are running old versions of software chances are it will insecure, make sure you upgrade to the latest release. Most updates to software are security or functionality related, which means if you are not running the latest version you are likely to have missed a few security fixes.
2. 3rd Party Scripts and Code
Plugins, widgets or any other code (including free templates and themes) you install are written by other people under unknown circumstances. Some may be great, some may be full of holes. Be sure to research any code you want to use that you didn’t write yourself. Even a few Google searches should help you find out how secure the code you are using is.
3. Your Own Fault
One of the biggest causes of Identity theft and an easy way for someone to get details to your site(s). Your own computer is likely to be a weak link in the chain. Whether it be from poisoned powerpoint files or someone phishing your account details, the vulnerabilities are limitless. No matter how secure your site is, if the machine you access it from (including logging in and editing etc.) is not secure you stand a good risk of being compromised and it may affect more than just your site.
Use virus scans, clear histories, secure your passwords and be aware of general security issues (try not to let your shiny new MacBook air be stolen). Open and Public wifi spots are an obvious security risk. If you give everyone access to your PIN number for your bank account, expect to be robbed.
4. Secure Passwords
A secure password goes a long way to slowing down a potential infiltrator (real hackers do not tend to be people that destroy sites, but ethically search for security holes in technology). Put simply passwords should always be a combination of letters and numbers, uppercase and lowercase. The longer the password, the better (though conversely the longer it is the harder it is to remember).
No dictionary words, no family names and no easily guess-able information either.
You can also generate a random password which is even more secure.
5. Checking Your Logs Regularly
Without watching who is visiting your site, what you are ranking for and similar you could be compromised and never even know it.
If you spot any unusual traffic (ranking for gambling, pharmaceuticals and sex terms is a common one) try working out where it is coming from / going to. From there if you are sure it is a hack you can get some quick help. (Send us a message, we’ll do what we can).
6. Outsource a Little Prevention
Using high quality software, a good coder (one who is security aware), hiring a professional security agency or using an automated method like the Firewall script or Hacker safe will help to reduce your risk. What you outsource depends on your needs (and resources of course).
7. Learn MORE
Nothing beats knowledge. The more you know the easier it becomes to spot problems (not just hacks) and resolve them. So, kick back, grab a soda and start reading (it could be worth more in the end than all of the search news and blogging tips you have in your RSS feed).
Here is a couple of useful starting points and interesting articles to checkout.
Trend Micro
Apache Security
MySQL Security
Security Focus
ha.ckers.org
Tips to Protect Your WordPress Installation
How WordPress Blogs are Hacked
8. Bonus Be Careful of the Company You Keep
Anyone with enough time, an Internet connection and some intelligence can find ways to cause you problems online.
Revealing too much, boasting or insulting others online is a good way to attract the wrong kind of attention. In the real world, having fewer enemies just makes life easier.
Monday, October 10, 2016
Powered by WHMCompleteSolution