Recent high profile hacking attempts and data breaches have highlighted the need to protect your website from malicious threats. Amongst the most vulnerable to hacking attempts are websites that use content management systems (CMS) platforms such as WordPress. The popularity and wide spread use of CMS platforms gives hackers the incentive to find exploits as the number of potential targets is vast.
So why bother protecting yourself?
Hackers may be trying to access your site for a variety of different reasons, all of which can put your website and business at risk. Gaining administration access to any website would be a key reason for a hack. It would allow the hacker full control over the site and allow actions such as removing user logins, changing the content of the site and worst of all allowing them to access sensitive client information. This can result in negative publicity as potential clients may question why they should trust you with their own data.
The goal of a hacker may simply be to deface your website and advertise their name as proof that they were responsible, most of the time this is done for fun and they have no underlying motives behind the attack. Unless people in your business access the site frequently it could go unseen for long periods of time. While a site is defaced potential customers may choose to take their business elsewhere.
An example of a defaced site.
How can you prepare for hacking attempts?
This may seem an obvious point but it is very important. Almost all people are aware of Windows updates, Apple iOS updates and what they are for. They provide additional functions and features for those systems but also many important security patches. All websites need to be updated for exactly the same reason. The underlying technology used will have security holes that hackers will be quick to take advantage of and through updating your websites software these holes can be fixed. The updates patch old flaws and security defects reducing the chances of people gaining unauthorised access to your site.
Use strong admin passwords
Would you use ‘Password’ on your account to access online banking? A strong, complex password is very important to prevent potential hacking attempts. It is much harder to make a brute force access attempt on a site if the admin password is complex. Make your passwords 8 – 10 characters long, use uppercase and lowercase characters, numbers, and non-dictionary words.
Take regular backups
In the unfortunate event that your website has been defaced or data has been removed or manipulated it is crucial that backups of the site are available for restore. If you have no site backups you could be looking at the cost of having the site re-created from scratch. The site can also be restored quickly and efficiently allowing your web presence to be online in a short space of time.
Hide Admin URL
Changing the admin URL from its default is something that can also help prevent security breaches. The vast majority of sites that use CMS platforms will keep the admin panel on the default URL e.g. WordPress – /wp-admin. This means that hackers will not need to look very hard to find it and can immediately start trying to gain access. Changing this URL can inconvenience the hacker in question and add another obstacle in their way which could be enough for them to move on.
Change Table Prefix’s
Making this change can be very helpful in preventing something called SQL injections, these are used by hackers to gain access to a websites database and these injections can manipulate data or even completely remove data. By using a unique table prefix you can increase the security of your site and make it more difficult to perform the injections. This helps because the table names within the database do not have the default names and makes the database much more difficult to navigate.
If you have had any issues with your websites security or are interested in how we can help your business please contact us via our online form.
To find out more, please call us on 0845 504 8989, or complete our contact form.