Website vulnerabilities and hacks have been in the news quite a bit in 2015. Google took initiative and started a campaign called #NoHacked in 2014 as a way to bring awareness to hacking attacks and also educate website owners on how to take measures to avoid becoming a hacker target. There is no guarantee that you will be completely free of hacks since even the biggest websites like eBay dealt with attacks but you can drastically lower the likelihood of an attack. The campaign has continued in 2015 with a few new guidelines you can check out below:
1. Strengthen Your Account Security
It’s important to create a ‘strong’ password that isn’t easily guessable. There are also resources for hackers online that list out the most common passwords. There are also lists of leaked passwords so it is advisable to avoid reusing passwords.
Google also recommends using 2-factor authentication. In a nutshell, 2-factor authentication is a process that requires a combination of two different components. An example would be a door that required a fingerprint and PIN in order to gain access. Another example would be an email address and PIN, something that the user knows and also has access to.
2. Keep Your Website’s Software Updated
Software with unpatched security holes is a very common way for hackers to compromise your website. WordPress is a widely used content management system with a massive user and developer community to develop helpful plugins and enhancements. Unfortunately, through a combination of security holes in the platform itself and plugins, WordPress websites are often hacker targets. Keeping the software up to date doesn’t guarantee being free from attacks but it should address and patch the most recent security issues.
Also, understand the risks of installing plugins and avoid adding additional unnecessary ones.
3. Research How Your Hosting Provider Handles Security Issues
Cleaning up a hacked website can be a pain. Know ahead of time how a hosting provider handles cleaning up hacked sites, not because you’re expecting a hack in the future but as a precaution. If they’re able to help guide you through the clean up process, you should see very little, if any downtime for your website.
4.Use Google Tools to Stay Informed of Potential Hacked Content on Your Site
This last point may sound a little self-promoting on Google’s part but using Google’s search console in Webmaster Tools is extremely helpful. Performing regular checks in the security issues section of Webmaster Tools is also a good practice.
You can also set up Google Alerts to send you notifications on any ‘spammy’ results appearing for your website.
Once again, there is no guarantee that you will be completely free from attacks but by following these guidelines you can avoid being an easy hacker target.
If you have any questions on how to update your website’s software, which plugins might be potentially leaving your website open to attacks, or any other security related issues, feel free to contact us or give us a call at 626.400.4511.