3 Ways You’re Probably Inviting Hackers to Your Website
Published on 21 Dec 2014 | Last updated on 22 Feb 2015
You may not think hackers are interested in you or your website. Sorry to burst your bubble but you are so wrong. They covet your site, actually, for its ability to spread malware and malicious code that does all sorts of evil things in the world.
It’s Not Just Porn and Gambling Sites
You’re also wrong if you think web viruses are spread via porn and gambling sites only. Nope, yours is right in there with the worst of them, co-mingling in the cesspool that we call the Web. Any type of website is vulnerable to hacking (which is how a lot of viruses get spread), including yours if you aren’t careful.
It’s You and Your Unprotected Website
If you remember the days when it wasn’t safe to open email attachments because they contained viruses, this is the new generation of malware. Instead of spreading via attachments which get unwittingly opened by unaware recipients, malware now gets disseminated via insecure websites…owned by the same type of unaware user who has no idea what hit them when it happens!
The 3 Most Common Hacker-Friendly Things People Do
#1: Not Updating Software
Content management systems like WordPress and Joomla have many resources dedicated to security. When they have a breakthrough, they’ll send out an update. Skip those updates and you’re asking hackers in.
#2: Not Installing Security Plugins
If you’re ever lost a password and just kept trying different ones until you finally got locked out of a site (e.g., a banking site), then you’ve been on the receiving end of a defense against a brute force attack. Usually these are done by bots who pound and pound on the door of a login page until they hit the right combination of letters, numbers and symbols (aka your password).
WordPress, among many other content management systems, has various plug-ins which can limit the number of times you can try your login until you get locked out. Most platforms have some sort of protection, so get it and use it!
#3: Not Creating Strong Passwords
If your password is a word, a hacker’s dictionary attack will eventually get it right and gain access. If your password is a word plus a few numbers, they’ll still get in. You need a crazy complicated password these days, so use those password generators!
WordPress Lets You Take the Drastic Approach
WordPress is so often hacked, they now have super strong defense mechanisms for keeping hackers out. You could even prevent anyone from logging in except you, and only you when you’re at your regular IP address. By limiting the number of IP addresses that can visit your wp-admin folder with some code in the .htaccess file, you’re sure to be safe from hackers.
What To Do If You Get Hacked
In the event you do get hacked, find out if it’s just your website that got hacked, or your web host’s server. Even if it’s just you, a good web host with a responsive customer service team will sometimes find the malware in your files for you, and remove it.
Just remember, you’re not alone! Your web hosting company can help so contact them immediately when you discover you’ve been hacked. Once you have your site back, re-read this article and implement everything.