How to avoid being hacked
5 Common Reasons for a site to be hacked – and how to avoid it
It’s not always easy to fix a site once it has been hacked – especially if you don’t have a clean backup of your site to restore in an emergency.
I am not a security expert and these points are based on my research & experience only.
Prevention is better than cure
A lack of software updates
Most modern websites are made up of a variety of parts:
- Content management system (CMS) (see Reason 2)
- Plugins which give the site functionality (contact forms, image galleries, image sliders etc).
- A theme which informs the sites “look & feels”
- PHP (8 out of 10 websites you visit, they are most likely utilizing PHP in some form or another (See point 3.1 below)
In a perfect world, all these parts work together really nicely, but sometimes these elements need to be updated to keep things secure.
Developers release patches to fix any security issues & bugs. This is why it’s so important to check regularly for updates & apply them as soon as possible.
It’s worth noting that sometimes plugins are abandoned by their developers and they aren’t updated. In this case, a plugin like WordFence (below) will notify you of weakness in good time.
Install a Security Plugin
WordFence is an excellant option as it allows you to set it to alert you when updates & security issues are detected
Install Advanced Automatic Updates Plugin
Advanced Automatic Updates Plugin can automatically take care of any of the smaller updates for you – however, as conflicts can sometimes happen after an update it’s always a good idea to have multiple backups saved in case you need to roll back.
Regular Automatic Backups
Install a good backup plugin like UpDraft and schedule your backups at least weekly. Its also advisable to keep several backups on file so if one is corrupt, you can still go back further.
WordPress Core Files need updating too!
Just like plugins & each new WordPress update fixes security issues and bugs – if you don’t update your plugins, themes or WordPress regularly you are leaving your website vulnerable to security breaches and hacks.
Insecure Web Hosting
All websites are hosted on a web server, how that server is secured will directly affect the security of your website. Properly secure servers will block the most common attacks on the websites that they serve / host.
A word of caution regarding “Shared Web Hosting”
What is shared Hosting?
Shared hosting is easily the cheapest and most economical option when it comes to hosting, which is why so many people unwittingly sign up for it.
Shared hosting allows several websites to “live” on a single server. In most cases, you won’t know who or what websites you’re sharing with or what their security is like.
Think of a website on shared hosting like an apartment in a block of flats. If there is a fire in one apartment, it can easily spread through the whole block.
There are huge security risks associated with Shared Hosting. When one of the websites in the same server as yours is attacked, there’s a high probability that your website may be affected as well. In this situation, secure methods applied for your site might not protect it against hackers.
WordPress (and other CMS) run off a scripting language called PHP. Out of date PHP means your site is particularly vulnerable to security breaches (Hacks)… A good host will ensure their servers are constantly being updated to the most secure version of PHP. However, some hosts allow you (the client) to choose which version you want to run, so you may need to check if you have to do this manually from your Hosting cPanel (or similar hosting dashboard).
!! SECURITY RISKS !!
Out of date plugins, core files and themes on your website can become a security risk and may leave your website open to attacks from hackers who may steal clients data and spread malware.
You may also be interested in reading more about the ideal “How To Maintain Your Website“
If this all sounds too overwhelming
Contact me for an obligation free quote on maintaining & managing your companies website.