How to stop my website from being hacked
If the Watergate Scandal happened today, it would probably involve the internet.
We’ve heard recent stories about the Russian government hacking into smart kettles and other kitchen appliances, and we’ve seen big websites like Netflix and Facebook go down thanks to DDoS attacks (where hackers take control of thousands of computers and use them to overload websites). But hackers can go after you too. Any website, big or small, can hold a large amount of personal data and offer a platform for takeover. Hackers of all persuasions, whether political, criminal or both, are becoming increasingly adept at exploiting security flaws in websites and hijacking them for their own ends. This week we look at some of the ways hackers get into your websites and the simplest ways to protect yourself.
Keeping your site up-to-date
Hackers love out-of-date software. The older software is, the more vulnerable it is to hackers. No software is invulnerable. The same is true for websites. The more time hackers have, the more likely they will be able to hack your website. That’s why security updates happen regularly, to patch holes or flaws in your website that are left wide open to hackers. Avoiding these security holes by updating your web hosting software is a great way to protect yourself.
You can avoid these flaws in a number of ways. The best way is to make sure you’re updated, but another way is to avoid relying on yourself alone to look after your website. Third-party software and web hosting firms are a great way of ensuring your website is secure by delegating it to others. Companies like WordPress will let you know of any needed updates when they become available, while having a third-party contact is a great way of making sure you have peace of mind. It also helps to keep track of mailing lists or RSS feeds (bulletins linked to your email account) that can flag up any website security flaws or the latest news on hackings.
Avoid unnecessary risks
Sometimes you can leave clues and routes open to hackers without considering their implications. File uploads are a big risk. No matter how normal or innocent a file upload may look, it could contain a script that blows your website wide open to hackers. Viruses and more can be hidden very easily in a whole host of files, which can then exploit vulnerabilities in your website, allowing hackers to alter your site or steal a variety of information, including passwords if they’re not encrypted properly and securely.
You should make sure any users on your website, whether clients, customers, staff or administrators, use complex and secure passwords that are difficult to crack. Not only should you enforce a minimum of at least 8 characters, including uppercase and lowercase letters, a number and a symbol, but you should also avoid giving clues to hackers on your site. Instead of giving a hint that it’s the password or the username that’s wrong, you should be vaguer. You should limit the number of attempts and perhaps consider adding a spam filter to check for robots. These precautions guard against brute force or dictionary attacks, which fire a series of random combinations at your website to try and break in.
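The three precautions above (the password rule, the vague error message and the attempt limit) can be seen working together in the following Python, which is an added example and not code from the original article. The class name LoginGuard, the limit of 5 attempts, the 15-minute window and the use of PBKDF2 for storing passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
import time

MAX_ATTEMPTS = 5            # assumed limit; the article gives no number
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window
GENERIC_ERROR = "Incorrect username or password."  # same text for every failure

def password_meets_policy(pw):
    """Article's rule: 8+ characters with upper, lower, a number and a symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def hash_password(pw, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)

class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> (failed count, time of first failure)
        self.clock = clock
        self._dummy = (os.urandom(16), os.urandom(32))  # stands in for unknown users

    def register(self, username, pw):
        if not password_meets_policy(pw):
            return False
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(pw, salt))
        return True

    def login(self, username, pw):
        """Return (ok, message); the message never says which field was wrong."""
        now = self.clock()
        count, since = self.failures.get(username, (0, now))
        if now - since >= LOCKOUT_SECONDS:
            count, since = 0, now          # window expired, start counting again
        if count >= MAX_ATTEMPTS:
            return False, GENERIC_ERROR    # locked: refuse without checking
        # Unknown usernames are hashed too, so they take as long as real ones.
        salt, stored = self.users.get(username, self._dummy)
        ok = hmac.compare_digest(hash_password(pw, salt), stored)
        if ok and username in self.users:
            self.failures.pop(username, None)
            return True, "Welcome."
        self.failures[username] = (count + 1, since)
        return False, GENERIC_ERROR
```

A wrong password for a real account and any password for a made-up account get exactly the same reply, and once the limit is reached even the correct password is refused until the window has passed.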
Don’t forget the basics
Admin pages are a great way for hackers to break into your website. They give hackers a direct route into the base of your site. Hiding your admin pages is vital to stop hackers finding an open goal. This includes using the robots.txt file to try and stop search engines from listing them. If your admin files aren’t indexed, they’re far more difficult to find. Bear in mind that robots.txt only asks search engines not to list those pages, so the admin pages still need a secure login of their own.
Vulnerabilities don’t have to be with the website itself; they can be with your web users. One of the best ways to stop hackers from exploiting lazy or incompetent users is to make sure form auto-fill is disabled for your website. Auto-fill allows instant access to sites from a stolen phone or computer. A great way to discourage this further is a tick box that lets users say whether they are on their own computer or on one out and about.
Websites will always get hacked; hackers get more sophisticated on a yearly basis. The best way to guard your important data from being destroyed by a hack is to keep everything backed up in multiple different formats. The cloud and physical storage are the perfect ways to back up your data just in case. But remember, you need to back up your files regularly, or you could be at risk of losing days’, or even weeks’, worth of work. It’s inevitable that your website will get hacked at some point in its lifespan. Hopefully these hints will help minimise the likelihood of long-lasting damage and prevent valuable data from being stolen.