ON THE WEB: Protect your website

Have you ever had your website hacked?

This is the downside to the popularity of the Internet. There has been an enormous increase in the number of websites out there and many of them use Content Management Software (CMS) that may have security holes in them.

And just like Windows PCs get hacked into more than Apple machines, the popular CMS software programs WordPress and Joomla bear the brunt of the attacks. It’s a numbers game.

It is good to know how these sites may get hacked, so you can prepare yourself for it. Barricade the virtual doors, so to speak. Two tactics commonly used to gain unauthorized access are brute force attacks and using weaknesses in the software.

To start with the brute force attacks: hackers will try to guess the password of the user names over and over again, until they get it right. Some things that you can do to deter the threats include: not using the default user names like “admin” and instead using long and difficult passwords – so not “asdf1234” or “password1” but rather something like “]&K#6O’jE_=<7’5”.

I hear you think: “How am I going to remember that, or even type it in without making a mistake?” Well, you could just copy/paste the password from a text file you created, or use a (free) tool like lastpass.com. Then you don’t have to remember passwords, the software will do it for you. Moving the default login location, or the whole CMS software installation (to a sub-directory), are also good first lines of defense.

As I mentioned before, another popular way to attack a site is by utilizing vulnerabilities in the software. The best way to protect yourself from these hack attacks is to make sure you always run the latest version of the CMS software (like Joomla or WordPress), plug-ins, add-ons and themes. As soon as a new security hole is found the programmers will try to fix it as quickly as possible. By running outdated software you will not benefit from these plugged security holes.

If worse comes to worst and your website does get hacked or injected with malware: make sure you have a number of back-ups available to restore the website from if necessary.

You may also need to reinstall from a backup if the upgrade of your software goes horribly wrong because some plug-ins are no longer compatible. Hosting companies may only save the last daily, weekly and monthly backup and this may not be enough if for whatever reason those backups don’t work for you. Better safe than sorry: make your own backups.

There is a lot more that you can do to secure your website. Read up on the topic, or ask your web master to perform some security upgrades for you. You do not want to find your website defaced, do you?

For more information, contact your web developer, or website optimizer Nardo Kuitert at nardo@ucwebs.com or 519-787-7612.

Nardo has written this column on behalf of the Centre Wellington Chamber of Commerce since 2006.

Comments