Protect Your Site From Hackers: 3 Tips

They’re out there, lurking in the dark corners of cyberspace ready to wreak havoc on your website – hackers. It’s a real danger with potentially grave consequences – loss of business, loss of standing with Google, erosion of trust – the list goes on.

Why Do Hackers Hack?

A lot of reasons. Because they can, to make a political statement, to make a point, to prove how smart they are, to show you how vulnerable your site is, for their amusement, and the most common reason – for money. It doesn’t matter why they do it. There are things you can do, precautions you can take to make it nearly impossible for even the most sophisticated hackers to deface your website. Here are three:

1. Use Strong Passwords

Most hackers are able to do their nasty work by guessing your password. They’re very good at this. They assume you’re using passwords that contain some variation of your birthday, your pet’s name, your spouse’s name, your street name. You get the point. Make it harder for them by using stronger passwords. There are all kinds of services out there that generate random passwords. I like to use the Norton random password generator. This tool gives you the option to specify password length. I use a minimum of sixteen characters. You can also specify whether or not to include letters, mixed case, numbers and punctuation. Choose options that make your password difficult to remember and a pain to type. If it’s hard for you, it will be hard for them. But beware! Make sure you write the password down before you change it. Obvious right? Many people forget to do this and get locked out of their own websites. Another tip. Don’t use the same password for all of your resources. Why not? Do I really have to explain?

2. Monitor Suspicious Activity

If your website is built on the WordPress platform, and all of my clients’ sites are, make sure your webmaster is using a plugin that alerts you when it detects any kind of suspicious activity on your website. This is invaluable. You can then take appropriate action like blocking IP addresses that are the source of brute-force attacks (repeated login attempts), updating old versions of WordPress and any installed plugins, identifying and deleting suspicious files that contain known viruses and more. There are several plugins that do this. Ask your webmaster if one of them is being used on your website. If the answer is no… well, use your own judgment here.

3. Double Authentication or Two Factor Login

When an attempt is made to log into your website, double authentication will send an email to the inbox of the user trying to log in, prompting him/her to verify the login attempt. Since hackers don’t have an email address associated with their user account, they will never get the email and will not be able to log in. If the attempted login is from a legitimate user, once the login attempt is confirmed you will then be able to designate the computer from which the login attempt was made as a trusted device and you won’t be asked to confirm logins in the future. A bit inconvenient? Yes. Worth the inconvenience? Absolutely!

A Piece of Important Advice

Make sure your site is being backed up on a regular basis. Most web hosting companies will routinely back up websites but usually only once per week. And they won’t store previous backups. What happens if your site gets hacked (or defaced – a word I prefer) before a scheduled backup? That means that the most recent backup available was done after the hack and will be totally useless. Make sure your webmaster is backing up your site more than once per week and that several backups are being stored. That way, if your site gets defaced a recent backup will be available to restore your site.
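The backup argument above can be checked with a small simulation. This is an added example, not part of the original post; the dates and the three policies are constructed. It also covers one case the paragraph does not spell out: daily backups with only two copies stored fail just like the weekly one when the defacement goes unnoticed over a weekend.

```python
from datetime import datetime, timedelta

def retained_backups(first, now, interval, keep):
    """Backups still stored at `now`: one every `interval`, only the newest `keep` kept."""
    times, t = [], first
    while t <= now:
        times.append(t)
        t += interval
    return times[-keep:]

def last_clean_backup(backups, defaced_at):
    """Newest backup taken before the defacement, or None if every stored copy is tainted."""
    clean = [b for b in backups if b < defaced_at]
    return max(clean) if clean else None

# Constructed scenario: defaced on a Friday afternoon, noticed on Monday morning.
FIRST_BACKUP = datetime(2024, 1, 7, 2, 0)
DEFACED_AT = datetime(2024, 1, 19, 15, 0)
NOTICED_AT = datetime(2024, 1, 22, 9, 0)

# Hypothetical policies: (time between backups, number of copies stored).
POLICIES = {
    "weekly, keep 1": (timedelta(days=7), 1),
    "daily, keep 2": (timedelta(days=1), 2),
    "daily, keep 7": (timedelta(days=1), 7),
}

def evaluate_policies():
    """Map each policy name to its last clean backup (ISO string) or None."""
    results = {}
    for name, (interval, keep) in POLICIES.items():
        stored = retained_backups(FIRST_BACKUP, NOTICED_AT, interval, keep)
        clean = last_clean_backup(stored, DEFACED_AT)
        results[name] = clean.isoformat() if clean else None
    return results

if __name__ == "__main__":
    for name, clean in evaluate_policies().items():
        print(f"{name:15} -> {clean or 'no clean backup left'}")
```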

And Now Back to You

Has your site been hacked? What did you do about it? Do you have sufficient protection to prevent a site defacement? I hope so. Talk to me.

Photo courtesy: brianklug

WordPress Invades Hub 2012

WordCamp 2012

When I was deciding which CMS (Content Management Platform) to adopt as my primary web building tool, I chose WordPress because of the size and enthusiasm of its community. Well, I just wrapped up WordCamp 2012 (read my take on WordCamp 2011) hosted, again, by Boston University and can tell you the community is growing in both size and enthusiasm. It’s also getting younger – or maybe it’s me just getting older. In any case, I’m encouraged by the collective intelligence, creativity and determination of our 20 and 30 somethings.

Who Are All These Smart People?

So as I did last year, I’d like to thank the following people for making me smarter:

Web Designer's Guide to WordPress Book Cover

Jesse Friedman’s book. As he says, “Buy It!”

  • Jesse Friedman wrote a book. Here is how he told us about it: “Oh, by the way, I wrote a book. Buy it.” I’m certainly going to, even though, as Jesse said, “you’ll have to wait four months to get it.” Gotta love the off-handed manner in which such a bright young guy announced such an impressive achievement.

See you all next year.


WordPress Invades the Hub

WordCamp Boston

I just wrapped up a great weekend of WordPress related stuff at the Boston WordCamp 2011 held at Boston University’s Sherman Hall. Man there are a lot of really smart people out there and I’m grateful for their willingness to share their knowledge. For me the sense of community has always been the differentiator between WordPress and the myriad other content management systems out there. Oh I know that there are other CMS communities but I’m talking about COMMUNITY as in the willingness to share, to help, to NOT judge and to make you feel welcome. The T-shirt and the great lunch (sponsored by .tv) were certainly an added bonus.

Who Are all These Smart People?

Okay, I get that you may not care about any of this but if you’re going to hire me to build your website you should feel comforted that I care about it. So, many thanks to the following people who gave their time to make me smarter:

  • Alan Bergstein – Converting an old site to a fresh WordPress Site
  • Tom Catalini – Tom’s Top Ten Tips for Blogging on WordPress
  • Mike Susz – WordPress Theme Construction
  • Sara Cannon – Theming & Mobile: Optimizing your WordPress site for Various Devices
  • Boaz Sender – Exploding Your WordPress Theme with CSS3
  • Chris Penn – How to Market Your Blog
  • Joselin Mane – How Blogs Are the Core to Any Social Media Strategy
  • Doug Yuen – Improving Your WordPress Productivity
  • Jake Goldman – Getting Started with WordPress as a CMS

And a special thanks to C. C. Chapman (who has to be the world’s friendliest human being) for not making me feel like a complete dork for asking him to sign his book, Content Rules.

By the way, Boston University deserves a thank you too for allowing the WordPress community to take over the George Sherman Union building at 775 Commonwealth Avenue in Boston.

City of Champions

Sidenote: On one of the breaks between sessions I stepped outside, and with the sound of delirious Red Sox fans coming from Fenway Park three blocks away, snapped this picture of a poster hanging in the window of the Sherman Union building. Pardon me for gloating.

Who Will Update My Website? – You Will!

Back in the old days of the internet – I’m talking about 1995 – [because the web and the technologies associated with it change at lightning speed, I like to think of web years as dog years – one year equals seven. That means that 1995 was really 112 years ago] building a website was a difficult process reserved for technical types who were schooled in HTML (Hypertext Markup Language), the programming language used to build web pages. This meant that whenever changes had to be made to a company’s website, whether the addition of images or the editing of text, the technical staff had to get involved. This was time consuming and costly. The internet became flooded with static web pages that almost never changed. Publish it and forget it was the rule.

Fast Forward

As the internet evolved and businesses began to see its enormous potential, products were developed to give non-technical people the ability to build and maintain websites without knowing HTML and without involving the technical staff. Some of the early tools, Microsoft’s Front Page[1] and Macromedia’s Dreamweaver[2] to name two, broke new ground but were clumsy and often plagued by bugs and inconsistent results. As the web began adopting uniform standards, web building and management tools continued to evolve. At the same time, the proliferation of websites demanded that non-technical staff be able to manage their web properties while leaving the IT staff to manage higher level priorities. The content management system was born.

So What Exactly is a Content Management System?

A European internet consulting firm specializing in helping companies choose the best content management system for their needs offers a simple, concise working definition:

Web Content Management systems were developed to resolve the issue of having highly experienced technical staff adding low level content to a website. In essence, a CMS exists to allow non technical staff to create or amend web pages without the need to involve the technical staff.

It’s worth repeating. A CMS provides the opportunity to create, edit and control content by presenting the non technical user with an interface that requires no knowledge of programming languages or markup to create and manage content.

How Many Content Management Systems Are There and How Do I Pick One

The good news is that you don’t have to pick one. Not all content management systems are the same. It’s the job of your web design company to assess your needs and choose the system that best matches those needs. Builtwith Technology, a web-based provider of usage statistics, offers this list of the top ten most popular content management systems:

  • WordPress – with 4,064,217 websites
  • Joomla – with 1,408,972 websites
  • Website Tonight – with 452,259 websites
  • Blogger – with 398,653 websites
  • Homestead – with 305,454 websites
  • Drupal – with 281,231 websites
  • Microsoft Office Live Small Business – with 161,104 websites
  • Google Sites – with 153,576 websites
  • TYPO Open Source CMS – with 152,225 websites
  • NetObjects Fusion – with 140,792 websites

In the final analysis, the only questions that really matter when choosing a content management system are:

  • does it address all my business needs
  • is it easy to use

I’d like to know what you think. Why not post a comment?

1. Microsoft no longer manufactures Front Page and no longer supports existing versions
2. Dreamweaver is now produced by Adobe and modern versions are dramatically improved and quite useful