By Kayla Matthews
When it comes to our websites, we all have a false sense of security. I’m sure you are like many other website owners, who think that their site will never get hacked or compromised. Yet, websites are compromised every day, and not necessarily to steal your data.
Instead, some hackers would rather use your server as a host for spam, or for illegal activity. Use this guide as a way to prevent your site from getting hacked, or to get your compromised website back and running again quickly.
1. Keep Your Software Updated
This tip might seem obvious, but if you are like most people who find performing software updates time consuming and a hassle, this is very important. If your website is going to stay secure, its software needs to be up to date for security purposes. It is much easier for a hacker to access your CMS when they can find entry points within your software. By keeping your content management system up to date, you will make it that much harder for a hacker to take over your website.
2. Username and Password
Another pretty obvious tip, but having a password that is secure and difficult to crack is probably one of the most important elements of your website’s security. To save time and energy, you might have made a password that is easy to remember and pretty common. Unfortunately, with a password like this, you make it much easier for a potential hacker to guess it. Thus, it is strongly suggested that you do not create a password that includes the name of your relatives, friends, family, pets, important dates, etc.
Hackers have special tools to perform a cryptanalytic attack on your server and password. The main purpose of this type of an attack is to continue to try possible words until the right one is found. Thus, this type of attack could take over your CMS if your password is made up of a simple word that is just one case. Create a strong password that incorporates different cases of letters, symbols and numbers that are random and not a pattern. Keep this password in a safe place, and remember to update your password regularly.
3. Have a Backup Ready
To be safe, you should always have a backup stored in a safe place on your computer, or external server so that you can use it if your site has been hacked. Using a backup will be the quickest way to get your website back to normal.
Equipped with your backup, you should only have to find the files that have been changed by the hacker and delete them. You should then upload files from your backup as needed. For instance, if one of your blog posts has been tampered with, remove that file from your CMS and upload your backup file.
4. File Uploading
An easy way that your website could end up compromised is by allowing users to upload files to your site. This can be a big security risk, even if all they want to do is change their avatar. No matter how innocent or safe a file that is uploaded may seem, one small script within the file could give a hacker access to your CMS. If your blog uploads a lot of files, be sure you know who is uploading each one and that they are a trustworthy source.
If you are using a hosting provider for your website, most ensure that the files users upload are secure and safe. If you are hosting your website on your own server, the first thing you should check is that you have a firewall setup. You should also only allow secure transport methods to your server through SSH or SFTP transfer protocols. Of course, you could also just not allow users to upload files to your site if you are worried about the possibility of your site being compromised in this manner.
Use SSL security protocol to securely connect to a web server over the insecure Internet. In a browser, SSL is being used when your browser displays a padlock and green bar. You should ensure that SSL is active when you are passing and entering personal information between a website or web server. SSL is typically used to secure credit card transactions, system logins and any sensitive information that is being exchanged online. Thus, if you are sending personal information in an insecure manner on different websites, hackers may be able to use this information to access your CMS and personal data.
With the tips above, you should be equipped with some methods of how to combat and prevent hackers from accessing your CMS. Ultimately, you should remember to perform all software updates when they become available and make sure that your CMS account password is strong and very complex. With up- to-date software and a tough password, your website should remain safe.