It’s the fear of almost anyone who has a website – from the sole proprietorship selling handmade merchandise, to corporations like Amazon. It’s always a fear and always a problem. It’s something you must be on top of 24/7, 365 days a year. Here are a few tips to help you prevent a website hack.
* Create Hard Passwords for Your Logins – Passwords should be 16 characters and include uppercase, lowercase, numbers, symbols, and spaces. In addition, ensure that you don’t use the same passwords for everything. Then you should change them often, approximately every 90 days.
* Keep Your Site Backed Up – You should back up your site every single day. Plus, back it up before you change anything and then again when you know the changes are working. Keep multiple backups, because you may not notice a problem with your site and accidentally have an infected backup.
* Purchase a Monitoring Service – There are numerous services that help tremendously with keeping your site safe from hackers. Solutions like eSecurityToGo is a good choice, as is SiteLock. Look for something within your budget. Ask your colleagues if they know someone.
eSecurityToGo – http://www.esecuritytogo.com/
SiteLock – https://www.sitelock.com/
* Review Custom Code – Sometimes custom code can come with some serious security issues and ways for hackers to break in. Check all custom code to be sure it’s secure. If you outsource this, ask that they ensure it’s secure and to explain to you how it’s secure.
* Check Plugins – Some people buy or use free plugins, apps that add functionality to your website, and they can leave holes for hackers to exploit. Check to ensure that your plugins don’t offer openings for hackers.
* Update to SSL – If your site doesn’t have an “s” after the HTTP, then you’re missing out on some security for yourself and your customers. Be sure to upgrade as soon as you can to SSL. Ask your hosting about it.
* Toughen Access Control – You don’t want too many people to have admin access to your website. Lock that down so it’s just a couple of people who need that type of access. The fewer times you share that information, the better.
* Install Security Apps – There are many apps you can install that tighten up security. For WordPress, you can install Wordfence, Sucuri Security, and others. Check with your theme maker too, as they might have their own plugin that works best with their theme.
Wordfence – https://wordpress.org/plugins/wordfence/
Sucuri Security – https://wordpress.org/plugins/sucuri-scanner/
* Hide Admin Pages – Don’t make admin pages or login areas visible to the public. Keep them private by giving them a link that only the people who need access know, instead of keeping it /admin.
* Update Everything Often – It’s important to update your website, any special code, apps, plugins and so forth to close any security gaps. Most updates plug holes in security, while some of them improve functionality.
You can keep your site safer but if your site gets hacked anyway, it’s best to have one of the monthly monitoring services. In this way, you can get help faster and it won’t be as big of a deal as if you had nothing in place for a solution.