Don't Let Your Site Get Hacked

They’re out there, lurking in the dark corners of cyberspace ready to wreak havoc on your website: hackers. It’s a real danger with potentially grave consequences – loss of business, loss of standing with Google, erosion of trust – the list goes on.

Why Do Hackers Hack?

A lot of reasons. Because they can, to make a political statement, to make a point, to prove how smart they are, to show you how vulnerable your site is, for their amusement, and the most common reason – for money. It doesn’t matter why they do it. There are things you can do, precautions you can take to make it nearly impossible for even the most sophisticated hackers to deface your website. Here are three:

1. Use Strong Passwords

Most hackers are able to do their nasty work by guessing your password. They’re very good at this. They assume you’re using passwords that contain some variation of your birthday, your pet’s name, your spouse’s name, your street name. You get the point. Make it harder for them by using stronger passwords. There are all kinds of services out there that generate random passwords. I like to use the Norton random password generator. This tool gives you the option to specify password length. I use a minimum of sixteen characters. You can also specify whether or not to include letters, mixed case, numbers and punctuation. Choose options that make your password difficult to remember and a pain to type. If it’s hard for you, it will be hard for them. But beware! Make sure you write the password down before you change it. Obvious, right? Many people forget to do this and get locked out of their own websites. Another tip: don’t use the same password for all of your resources. Why not? Do I really have to explain?

2. Monitor Suspicious Activity

If your website is built on the WordPress platform, and all of my clients’ sites are, make sure your webmaster is using a plugin that alerts you when it detects any kind of suspicious activity on your website. This is invaluable. You can then take appropriate action like blocking IP addresses that are the source of brute-force attacks (repeated login attempts), updating old versions of WordPress and any installed plugins, identifying and deleting suspicious files that contain known viruses and more. There are several plugins that do this. Ask your webmaster if one of them is being used on your website. If the answer is no… well, use your own judgment here.

3. Double Authentication or Two Factor Login

When an attempt is made to log into your website, double authentication will send an email to the inbox of the user trying to log in, prompting him/her to verify the login attempt. Since hackers don’t have an email address associated with their user account, they will never get the email and will not be able to log in. If the attempted login is from a legitimate user, once the login attempt is confirmed you will then be able to designate the computer from which the login attempt was made as a trusted device and you won’t be asked to confirm logins in the future. A bit inconvenient? Yes. Worth the inconvenience? Absolutely!

A Piece of Important Advice

Make sure your site is being backed up on a regular basis. Most web hosting companies will routinely back up websites but usually only once per week. And they won’t store previous backups. What happens if your site gets hacked (or defaced – a word I prefer) before a scheduled backup? That means that the most recent backup available was done after the hack and will be totally useless. Make sure your webmaster is backing up your site more than once per week and that several backups are being stored. That way, if your site gets defaced, a recent backup will be available to restore your site.

And Now Back to You

Has your site been hacked? What did you do about it? Do you have sufficient protection to prevent a site defacement? I hope so. Talk to me.

Photo courtesy: brianklug