From the Desk of Paddy.
All websites, large and small, are vulnerable to hackers. Hackers typically use scripts (bits of code, such as commands, executed without user interaction) to “hack” websites. These scripts do not differentiate between the size, type and importance of the websites they attack.
Websites are hacked for various reasons. Hackers do so because a website they compromise:
- Comes with bragging rights in the hacker world. They may deface your website with digital graffiti or leave unwanted messages that are nonsense or offensive.
- Will give them a place to insert spammy links that will take someone to bad areas on the net. These links can be hidden and difficult to find unless you know what to look for in the server logs.
- Can be altered into a spam site, a porn site or worse. Hackers can also change your site completely without your knowledge: the website loads properly for you, but it generates a completely different view for the search engines.
- Can be used to collect passwords, credit card numbers, keystrokes, company information and so forth, essentially allowing them to do anything they want.
- Becomes a vehicle to spread viruses and Trojans.
- Is set up to relay spam.
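The hidden links and the search-engine-only view described in the list above can be checked for on your own site. The following is an added example, not part of the original article: it compares two copies of the same page, one fetched with a normal browser User-Agent and one with a search-engine crawler User-Agent, and reports off-site links that only the crawler sees or that are hidden with inline styles. Both copies are represented here by constructed sample HTML, and `shop.example` and the other hostnames are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_HINTS = ("display:none", "visibility:hidden")      # inline styles that hide content
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}  # elements with no closing tag

class LinkCollector(HTMLParser):
    """Record each <a href> and whether it sits inside an element hidden by inline style."""
    def __init__(self):
        super().__init__()
        self.links = {}   # href -> True when the link is invisible to a human visitor
        self._open = []   # stack of (tag, hidden) for the elements currently open

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        inherited = bool(self._open) and self._open[-1][1]
        hidden = inherited or any(hint in style for hint in HIDDEN_HINTS)
        if tag == "a" and attrs.get("href"):
            self.links[attrs["href"]] = hidden
        if tag not in VOID_TAGS:
            self._open.append((tag, hidden))

    def handle_endtag(self, tag):
        # Unwind to the matching open tag so sloppy markup cannot desynchronise the stack.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                del self._open[i:]
                break

def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links

def audit_views(visitor_html, crawler_html, own_host):
    """Return off-site links served only to the crawler, and off-site links hidden by style."""
    visitor, crawler = extract_links(visitor_html), extract_links(crawler_html)
    offsite = {h for h in set(visitor) | set(crawler) if urlparse(h).netloc not in ("", own_host)}
    return {"crawler_only": sorted(h for h in offsite if h in crawler and h not in visitor),
            "hidden": sorted(h for h in offsite if visitor.get(h) or crawler.get(h))}

# Constructed sample pages, standing in for the two fetched copies of one URL.
VISITOR_VIEW = """<body><a href="/contact">Contact</a>
<div style="display: none"><p><a href="https://pills.example/buy">pills</a></p></div></body>"""
CRAWLER_VIEW = """<body><a href="/contact">Contact</a><a href="https://casino.example/win">casino</a>
<a href="https://pills.example/buy">pills</a></body>"""
if __name__ == "__main__":
    print(audit_views(VISITOR_VIEW, CRAWLER_VIEW, "shop.example"))
```

Any entry under `crawler_only` means the server answers crawlers differently from visitors. Cloaking that keys on the crawler's IP address rather than its User-Agent will not show up in this comparison.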
To prevent compromises such as these, many companies take elaborate precautions against hackers, only to find out in the end that their efforts were for naught. Others are successful in keeping hackers out. What the successful companies do differently with their security could be as simple as the precautions you should be taking.
Update your software regularly, as all software contains bugs. Software developers provide updates and fixes for performance issues as well as security issues. If you don’t update, you may be leaving your welcome mat out for hackers.
Don’t download programs just because they are free. If you download something to try or to test, always go to the original developer to minimize your risk. After all, “free download” could really mean that this free software has been tampered with.
Templates or paid extensions downloaded free from different file sharing sites often contain hidden file modifications, such as those spammy links we talked about. They may contain a script that will open a backdoor to your website for hackers. Download software only from the original source.
Back up your website, even though your hosting company “claims” to back it up for you. Have you ever reinstalled a backup from your hosting company just to see what’s really being backed up? For example, a well-known hosting provider states the following in its small print: “XXXX… will run courtesy backups at our discretion. Any backups that we run are in addition to our Terms of Service and are not guaranteed. Customers are encouraged to run periodic backups themselves”
Another reason to back up your files: most websites are hosted on “server farms”, not a private network like DWLI. What would happen if someone on those shared services does something illegal and the FBI seizes the server? Down your website will go, so back it up.
You get what you pay for. You have probably discovered there’s a wide range of hosting pricing options, from free to cheap all-you-can-eat services. These hosting companies give you gobs of space, more than you will ever need, so why pay the big bucks?
It is true that in most cases you get what you pay for. Website hosting is no different. When you shop around for a hosting provider, look at the quality of services, especially security. Verify that you can easily update your WordPress, Joomla and other 3rd party extensions. Cheap can be expensive, especially when you entrust your livelihood to a hosting provider who does not supply adequate security (aside from not being able to contact them, updates that are difficult to do and so forth).
Install only what you need. Don’t install every extension, application and plugin available. The more you install, the more updates you will have to do.
Do not test things on your website; use a test environment. Make a copy of your website on your local machine and test there. One screw-up and your entire website can be brought down, and the backup you thought you had from your provider is nonexistent.
Do not forget about passwords. Make sure you use a strong password, and change it often. Some good rules to follow are posted by the Privacy Rights Clearinghouse.