Protect Your Site From Hackers: 3 Tips

They’re out there, lurking in the dark corners of cyberspace ready to wreak havoc on your website: hackers. It’s a real danger with potentially grave consequences – loss of business, loss of standing with Google, erosion of trust – the list goes on.

Why Do Hackers Hack?

A lot of reasons. Because they can, to make a political statement, to make a point, to prove how smart they are, to show you how vulnerable your site is, for their amusement, and the most common reason – for money. It doesn’t matter why they do it. There are things you can do, precautions you can take to make it nearly impossible for even the most sophisticated hackers to deface your website. Here are three:

1. Use Strong Passwords

Most hackers are able to do their nasty work by guessing your password. They’re very good at this. They assume you’re using passwords that contain some variation of your birthday, your pet’s name, your spouse’s name, your street name. You get the point. Make it harder for them by using stronger passwords. There are all kinds of services out there that generate random passwords. I like to use the Norton random password generator. This tool gives you the option to specify password length. I use a minimum of sixteen characters. You can also specify whether or not to include letters, mixed case, numbers and punctuation. Choose options that make your password difficult to remember and a pain to type. If it’s hard for you, it will be hard for them. But beware! Make sure you write the password down before you change it. Obvious, right? Many people forget to do this and get locked out of their own websites. Another tip: don’t use the same password for all of your resources. Why not? Do I really have to explain?

2. Monitor Suspicious Activity

If your website is built on the WordPress platform, and all of my clients’ sites are, make sure your webmaster is using a plugin that alerts you when it detects any kind of suspicious activity on your website. This is invaluable. You can then take appropriate action like blocking IP addresses that are the source of brute-force attacks (repeated login attempts), updating old versions of WordPress and any installed plugins, identifying and deleting suspicious files that contain known viruses and more. There are several plugins that do this. Ask your webmaster if one of them is being used on your website. If the answer is no… well, use your own judgment here.
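The following added example, which is not from the original post or from any particular plugin, shows one way to spot repeated login attempts in a web server access log. It assumes combined log format and default WordPress behavior, where a failed login at /wp-login.php is answered with HTTP 200 and a successful one with a 302 redirect; the IP addresses and log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields needed from a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bruteforce_ips(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each IP with >= threshold failed logins inside `window` to its peak count."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines rather than aborting the scan
        path = m["path"].split("?", 1)[0]
        # Assumption: POST /wp-login.php answered with 200 is a failed login
        # (a successful login is answered with a 302 redirect).
        if (m["method"], m["status"]) != ("POST", "200") or not path.endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[m["ip"]]
        attempts.append(ts)
        while ts - attempts[0] > window:  # drop failures older than the window
            attempts.popleft()
        if len(attempts) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(attempts))
    return flagged

def _entry(ip, minute, second, method, status):
    """Build one constructed log line (documentation-range IPs, made-up times)."""
    return (f'{ip} - - [12/Mar/2024:10:{minute:02d}:{second:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1024 "-" "-"')

# Constructed sample log, not taken from a real site.
SAMPLE_LOG = (
    [_entry("203.0.113.7", 0, s, "POST", 200) for s in range(0, 40, 5)]  # 8 rapid failures
    + [_entry("198.51.100.20", 1, 0, "POST", 200),   # one mistyped password...
       _entry("198.51.100.20", 1, 20, "POST", 302)]  # ...then a successful login
    + [_entry("198.51.100.99", m, 0, "POST", 200) for m in range(0, 10, 2)]  # slow guessing
)

if __name__ == "__main__":
    for ip, count in find_bruteforce_ips(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within one minute")
```

With the default one-minute window the slow guesser at 198.51.100.99 is not flagged; a longer window catches it, at the cost of more alerts for users who simply mistype their password.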

3. Double Authentication or Two Factor Login

When an attempt is made to log into your website, double authentication will send an email to the inbox of the user trying to log in, prompting him/her to verify the login attempt. Since hackers don’t have access to the email address associated with the user account, they will never get the email and will not be able to log in. If the attempted login is from a legitimate user, once the login attempt is confirmed you will then be able to designate the computer from which the login attempt was made as a trusted device and you won’t be asked to confirm logins in the future. A bit inconvenient? Yes. Worth the inconvenience? Absolutely!

A Piece of Important Advice

Make sure your site is being backed up on a regular basis. Most web hosting companies will routinely back up websites but usually only once per week. And they won’t store previous backups. What happens if your site gets hacked (or defaced – a word I prefer) before a scheduled backup? That means that the most recent backup available was done after the hack and will be totally useless. Make sure your webmaster is backing up your site more than once per week and that several backups are being stored. That way, if your site gets defaced, a recent backup will be available to restore your site.

And Now Back to You

Has your site been hacked? What did you do about it? Do you have sufficient protection to prevent a site defacement? I hope so. Talk to me.

Photo courtesy: brianklug

Warning: What You Don’t Know About Web Hosting Can Hurt You

Web Hosting: A Simple Definition

A website is a collection of files that resides on a computer. The entity, company or person that provides the computer on which a website resides is said to be “hosting” the website. Think of it this way. Your web hosting company is your landlord. You, or more specifically, your website, are the tenant. Does that make sense? Good. Let’s continue the analogy. When you rent a space from a landlord you want to know what comes with the rent. Are utilities (heat, electricity, etc.) included? How big is the space? How long is the lease? Here comes a universal truth. When it comes to web hosting, you get what you pay for. High rent, lots of amenities. Low rent, few amenities. Let’s look at one very common and very cheap (sorry, I meant inexpensive) hosting option.

Shared Hosting

Just what the name suggests … and also how web hosting companies make their money. Hosting providers keep the cost way down because they put hundreds of websites on the same machine enabling them to conserve server resources. Caution: You get what you paid for (I think I said that already). Here is what you need to know about shared hosting and why not knowing it can hurt you:

  • So many websites on one machine can and will affect the performance of your website. Your website will be slow and your visitors will be frustrated. Frustrated users won’t come back. Ouch!
  • If one of the websites on the server gets hacked or infected, all the sites on the server are in danger.
  • If one of the sites has questionable content and gets blacklisted by Google, other sites on the server may get blacklisted too – like yours!
  • If your site requires additional resources to deliver the intended user experience, those resources may not be available if the web server has hundreds of other sites on it. One result could be sites crashing – like yours!
  • If your site needs an extra layer of security (important when you’re accepting online payments, asking users for sensitive information via a web form, etc.), a shared hosting environment won’t support the installation of an SSL certificate (a file with encryption code that will protect your site from being hacked).

The point is this. If your site is a simple collection of HTML files with no database back end, no user interactivity, very little traffic, static content and few graphics,* shared hosting might work for you.

*Note: If I just described your website, hosting is the least of your problems.

A Cautionary Tale

I, or should I say, my clients, have had problems with a particular hosting provider. It’s probably not prudent to mention the company’s name so I’ll just give you a hint. It starts with Network and ends with Solutions. They’re not a bad company. I have all my domain names registered with them. But they are just not set up to provide the proper level of support for high performance websites, particularly those built on the WordPress platform. I always steer my clients in a different direction. But there are times when working with Network Solutions is unavoidable. During a recent plugin upgrade for one of my client sites the website encountered a fatal error related to insufficient memory. A fatal error is bad. The site’s functionality was compromised. After endless phone calls and conversations with support personnel I finally reached a technical supervisor.

“A technical supervisor,” I thought. “Now we’re getting somewhere.”

I’m paraphrasing but here is the gist of what he told me: “Our shared hosting solution doesn’t support the needs of a typical WordPress website. With a WordPress site you’re better off hosting with someone else.” Huh!? I did some checking. The screen capture below reveals that there are a total of 304 websites on the same machine as my client’s site. No wonder there are problems.

[Screen capture: Web Hosting]

The Takeaway

Shared hosting is not the only hosting plan available. There is VPS or Virtual Private Server, there is dedicated hosting, there is managed hosting. You’ll have to keep tuning in as I explore each of these separately. I wanted to concentrate first on shared hosting because it’s the most popular and least expensive option. And don’t misunderstand. I’m not saying that it’s never the right solution. Just be aware of the potential risks and dangers. Ask the right questions based on your understanding of the needs of your website. Better yet, consult with your web design company and make sure they ask the right questions.

And Now Back to You

Have you had problems with your website loading very slowly or taking too long linking from one page to another? Did you consider that the problem may have been related to your hosting plan? How did you resolve the issue?

Marvin Kane, President of Kaneworks