As I learned with my personal blog, your site doesn’t have to be big and important in order to be a target of hackers. In fact, small business sites and personal blogs make great targets because they don’t normally have someone on staff to secure it.
Thankfully, I had a backup and I wasn’t counting on revenue from my site. Not everyone is so lucky.
Fortunately, it doesn’t take much to give your site some basic protection against downtime due to hackers.
Keep Software Up To Date
When software or plugins come out with updated versions, it is often because there were security holes that needed to be fixed. My site was hacked by a script that crawled the internet to find sites with old versions of WordPress. I could have avoided the whole mess if I had just taken a few minutes to click the Update link in my WP admin.
Use Secure Passwords
This seemed almost too obvious to add to the list until I read that “123456” had finally overtaken “password” as the most common password.
You don’t have to go crazy with an obnoxiously long and impossible to remember password, but at least stay away from the most obvious choices like your domain name, your username, “admin”, and “test”.
Backup Your Site
In addition to defacing my site, the script that hacked my site also installed a number of hidden files that sent emails and who knows what else.
I could have just swapped out the home page, but starting with a clean backup ensured that these hidden files didn’t stick around and cause damage.
Avoid File Uploads
Allowing file uploads gives hackers yet another access point to get into your site. Even image uploads can be risky and you cannot rely on the extension.
The best solution is to prevent direct access to uploaded files altogether, but if this isn’t an option, you may want to consider consulting a professional.
Use SSL
SSL is a security protocol that is used to prevent attackers from “sniffing” data as it passes between the website and web server or database.
If your site collects payment information or personal data, you should consider using SSL to keep it secure.
Monitor Your Site Content
When your site is hacked, the sooner you know about it the better. One way to find out if your site has been defaced is by monitoring a snippet of content on your site that does not (or should not) change.
Content monitoring is available at no extra charge on all of our $5/mo+ plans. To enable content monitoring on a new or existing SiteUptime monitor, follow the simple steps below:
- Log into your Control Panel and click on “My Monitors”.
- Click the “Options -> Edit” link next to the monitor you wish to edit or click the button to add a new monitor.
- Click the Advanced Options button.
- Towards the bottom of the form, you will see “Monitor Page Content”. Enter the snippet you wish to monitor and you will receive an alert if the that content cannot be found.