I was uncomfortable and unhappy after I watched someone hack into a site in less than 5 minutes. It was so easy to do! So, I followed “the hacker’s” advice to reduce the chance of this happening to me and then cried (just a bit) when I completely messed up my site’s layout in the process. That was the bad news.
After I got over my initial panic, I put up a temporary construction sign on my site and posted an apology on my Facebook page. I called my site host for help and felt very embarrassed when the rep sent out a test email to my subscribers before I could stop him. I told myself that my layout and embarrassment headaches were far less severe than the migraine I’d get if a hacker turned my site upside down, and then I somehow managed to fix my layout issues relatively quickly. This was the good news.
Now why would someone hack into your site? Some do it for the challenge and others do it for financial gain, even if there is no obvious revenue source on the site. For example, malware can allow hackers to invade privacy and earn revenue by monitoring web browsing and internet usage to sell products or browsing habits to others. It can force advertising onto a site and it can redirect affiliate marketing dollars. In some cases it is obvious that a site has been compromised, and in others, the breach is invisible.
In case you’re thinking this doesn’t apply to you, keep in mind that over 2 million new malware strains surface monthly (McAfee), with an increasing cost to consumers of $2.3 billion in 2010 (Consumer Reports). “Google safe browsing” issues over 3 million malware warnings a day and blacklists almost 10,000 sites per day. Users are warned to avoid sites that are compromised in 12-14 million Google Search queries per day, but warnings are lifted when infected sites are cleaned up.
So, what makes it easy to hack into a site or blog? The primary factors are outdated software and weak passwords. Issues on your hosting provider’s end and zero-day exploits (malware for which solutions are not yet available) can also be a cause. But don’t despair! It’s easy to protect against the most significant weaknesses. Here’s how:
1. Back up and back up often
- Back up your site on a different server or computer. My site host, Hostgator.com, walked me through each step to teach me the process.
2. Update your site platform (e.g. WordPress, Tumblr), plugins and themes regularly
- Outdated software is the cause of most infections. Updating helps avoid vulnerabilities that have since been patched.
- Update one item at a time and verify your site is okay before moving to the next item. This will let you know what caused an issue, should one arise, and it allows you to easily go back a step to rectify it.
3. Use very strong passwords and keep them private from humans and platforms
- Weak and exploited passwords compromise sites because open source software (available for free on the internet) easily determines user names and passwords by brute force. In fact, this is how the hacker got into the site in the demo I witnessed. For password tips, read How to Create Strong Passwords.
4. Use only trusted sources for themes and plugins
- I only install plugins and themes from within my WordPress site. I do not use any from Google/browser searches.
- If you don’t use it, remove it! Get rid of inactive plugins and themes – get an updated version when you need it.
5. Install a plugin to limit login attempts by humans and by password cracking software
6. Use auto-updating anti-virus software on your site
7. Do not log into your site via open or unsecured Wi-Fi
8. Use admin access sparingly
- If others need access to your site, give only enough to do their job. Reduce or eliminate access when they are done.
- Use admin for admin purposes and editor access for creating posts. The less admin usage, the less hacking opportunity.
- Limit client access to reduce honest mistakes and breaches.
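How a login-limiting plugin of the kind recommended in step 5 stops the brute-force guessing described in step 3, shown as an added Python example (not code from this post or from any WordPress plugin). The class and function names, the thresholds (5 failures in 300 seconds, 900-second lockout), the demo account and the documentation-range IP address are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque

class LoginLimiter:
    """Lock a key (IP or username) out after too many recent failed logins."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds a lockout lasts
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time the lockout ends

    def is_locked(self, key, now):
        until = self.locked_until.get(key)
        if until is not None and now >= until:  # lockout expired: start clean
            del self.locked_until[key]
            self.failures.pop(key, None)
            return False
        return until is not None

    def record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window:    # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout

# Constructed demo account; a real site compares against salted password hashes.
USERS = {"editor": "correct horse battery staple"}

def attempt_login(limiter, ip, username, password, now):
    """Return 'locked', 'ok' or 'denied', counting failures per IP and per username."""
    keys = [("ip", ip), ("user", username)]
    if any(limiter.is_locked(k, now) for k in keys):
        return "locked"                         # refused before the password is checked
    stored = USERS.get(username, "")
    if stored and hmac.compare_digest(stored.encode(), password.encode()):
        limiter.failures.pop(("user", username), None)  # IP count is left to age out
        return "ok"
    for k in keys:
        limiter.record_failure(k, now)
    return "denied"

def simulate(passwords, ip="203.0.113.7", username="editor", start=0, step=1):
    """Feed a sequence of constructed login attempts, one every `step` seconds."""
    limiter = LoginLimiter()
    return [attempt_login(limiter, ip, username, p, start + i * step)
            for i, p in enumerate(passwords)]
```

Once the fifth failure lands, every further attempt is refused without the password being checked at all, so even the correct password is rejected until the lockout expires.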
Constant updating is annoying because of the time and inconvenience of making sure everything is okay afterwards, or the time it takes to repair issues caused by the updates. That said, I cannot emphasize the importance of updating enough. I watched the hacker delete everything from the site he broke into in a matter of seconds. All that remained was a triumphant graphic announcing his success.
Ouch! I’ll take the frustration of layout issues over that anytime. How about you?
Until next time, … Stay Cyber Safe.