How to Save Your Website From Hackers

We’ve all been there. You didn’t update your Gmail password until it got hacked and started spewing out spam emails about some dating website to acquaintances you haven’t spoken to in years. You didn’t update your social media until you got the email from Twitter saying, hey, there’s some suspicious activity going on. Work email? Let’s face it, you’d never update that shiznat if the tech team didn’t make you every few months. And so on and so forth. For many of us—except for the truly paranoid (aka on top of it) out there—we’ve got enough to do than think of securing our 550,687 logins and think in terms of security.

But have you ever had your website that you worked so hard on and paid beaucoup of dollars to copywriters and/or web developers to launch hacked into and destroyed?  It’s not a pleasant experience and could result in you having to start all over again (yes from SCRATCH!) if the proper backups weren’t in place. Hackers are getting stronger and better at what they do. And for whatever reason, they would love, love, love to mess with your website.

Message Sprout gets at least a weekly email from WordPress saying how there were 27 attempts to login and someone was blocked. Was that us trying to login? Nope. Hackers.

For advice on what to do to save your website from hackers, we went straight to Jeff Corey of Visual Soldiers who, among other things, builds beautiful websites (like ours!). The following is his totally doable (meaning: no reason to slack off on this because it’s too hard) must list for what to do to save your website from hackers—just in case.

Update Your Software and Plugins

Countless websites are compromised every day due to the outdated and insecure software used to run them. It’s best to update your website as soon as a new update is available for any plugins, framework or CMS. Hackers devote their life to building automated systems with bots constantly searching and scanning every site they can look for exploitation opportunities. Not keeping your software and plugins up-to-date is one of the most common reasons a website is compromised.

Use Long and Strong Passwords

Believe it or not, people still use the word “password” or “123456” to secure important material. It is crucial to use strong passwords for your website, admin area, hosting account or any third-party software. If you’re like me, you have been building up a massive list of passwords for the past few years. It would be nice to keep these all organized to help you remember them. PC Magazine just released a great article on the best free password managers this year.

Set Up SFTP and Website Access

For accessing your website server it’s best to have an SFTP (Secure File Transfer Protocol) set up as a minimum. There are plenty more secure options out there, but this is a great place to start. By default, SFTP uses the SSH protocol to authenticate and establish a secure connection. Because of this, the same authentication methods are available that are present in SSH. A quick search or call to your website host will help you learn more about setting up SFTP to access your website.

Back Up, Back Up, Back Up

We can’t stress this enough. Keeping nightly or even weekly website backups is a must. If you have a simple HTML website, you have a smaller chance of getting hacked, but it’s still a great idea to keep a backup of your website files. For PHP, WordPress or any other dynamic websites, you need to create a backup system that works for your individual needs. Since these sites are generally database driven, you will need to backup your website files as well as your database for each site. If a hack was to occur, you would have all of your data safe and would be able to rebuild your website quickly.

Specifically for WordPress, we recommend using a combination of a plugin called BackWPUp along with Dropbox. You can set your backup files to sync directly to your Dropbox account automatically. This is one of the best “set it and forget about it” backup options for WordPress. You can learn more about how to set this up here.

The mindset of “it won’t happen to me” is just not viable for this day and age, especially when it comes to securing your website, so take these above tactics to heart and get it done sooner rather than later, for safety’s (or your sanity’s!) sake.

Have a question for Visual Soldiers about developing a cutting-edge website experience for your brand? Contact them here.

Looking for better quality website copywriting and brand content? Let us know what you need.