Is your website adequately protected?

Image of an umbrella shattering a smashing ball on a chain to illustrate the protection offered by Fiona Storey website maintenance packages

 

Imagine this scenario:

You have spent a lot of time and a fair amount of money on your new website. Whilst your website developer did most of the work on the text as well as create the overall design with its different page layouts, you are the expert in your field. You therefore had to decide on the pages you need, think about how they would be most effectively structured in terms of the navigation, and provide the basic content. The website developer (or their copywriter) took that, researched terms that are most entered in the search engines to come up with suitable key words. They then rewrote the text for each page to include the relevant key words and communicate effectively with your typical market. Your website is published with much flourish and you are proud of it so you tell everyone about it. Two months later business is booming when your website is hacked and taken down by the hosting company 🙁

What do we mean when we say “your website has been hacked”?

Hacking generally means that someone has obtained access to the back end (i.e. the files and folders on the hosting server) of your website in order to add their own code (known as malware) to it. There could be several objectives in doing this: for example, the hacker could be using your website as a vehicle for installing viruses on your visitors’ computers, using your website to attack other websites, or redirect your visitors elsewhere. They could also be looking to steal data from your website, notably personal information that visitors have submitted via electronic forms from your website. Depending on their objectives and also their skill as a hacker, you may be completely oblivious to the fact that your website has been hacked. On the other hand, you might find your website has been replaced by an obscene message. One organisation I know became aware that their website had been hacked when they found Google searches were representing them in Japanese.

How can hacking be prevented?

It can be extremely difficult to identify all the code associated with malware and remove completely from a website. However, there are basic actions that you can take to minimise the risk of hacking and, should it still happen, have the facility to restore a recent backup of the website quickly and without loss of data.

To maximise the security of your website, regular maintenance should include:

  • Application of software updates – in the case of WordPress websites this would include WordPress, the theme you are using and any plugins you have installed.
  • Backing up of the website so that you have a recent copy of the software and content. This could be monthly if you don’t make many changes to the site, weekly or even real time – so that new content is backed up straight away.
  • Malware scanning to identify and eliminate any malware that does find its way onto your website.
  • Continual monitoring of the website with email or text warnings if it goes down for more than a few minutes (this is referred to as “Uptime Monitor”).

Additional security could include limiting failed login attempts for each user and strong password enforcement. In some cases it might be adviseable to change the administrator username(s) and/or the URL of the login page.

Additional maintenance actions that won’t particularly aide security, but will help to keep your website functioning efficiently, include:

  • Removal of spam, which takes up unnecessary space on the server and may also include unwanted links to other websites.
  • Check for broken links, which may include internal links (to other pages, posts, images and downloads on your website) or, perhaps more likely, external links to useful websites, to documents you have quoted or recommendations.
  • Check that the website is generally working properly – whilst you can’t necessarily routinely look at all pages and posts on the website, you should monitor any with particular functionality (e.g. contact forms, video files, image galleries) and a selection of the more standard content.

Returning to our scenario at the beginning of this post…

This happened to one of our clients who had not got round to signing up for a website maintenance contract. An out-of-date plugin (yes – it was less than 3 months out of date!) was identified as being responsible for the site’s vulnerability that resulted in it being hacked less than 3 months after it was published. Some new posts had been added during that time, for which no backup had been made.

Act now and sign up for one of our Website maintenance for WordPress services to give you effortless protection and peace of mind!

 

 

Speak Your Mind

*

Visit Us On TwitterVisit Us On FacebookVisit Us On Google Plus