As a professional website designer, I have the unfortunate position of hearing website horror stories. All. The. Time. Sure, that generally means business for me, but it also means that there are way too many businesses that are vulnerable, and they don’t even know it!
Here are some things you can do to make your website less vulnerable to hackers.
Don’t use the defaults
When you set up your username and password, never use the defaults. Hackers start with these, and we don’t want to make their job any easier. Of course you want to make your password hard to guess; everybody knows that. It’s proven that passwords longer than eight characters are usually harder for hackers and computers to decipher. Your password should not contain actual words, nor a representation of words (e.g. H3ll0) as these have become the new norm, and are now very easy to guess. Hackers have even updated their systems to use o and 0 interchangeably. The best password should be a completely random set of upper and lowercase letters, numbers, and symbols. Do not make a copy of your password anywhere on a device or the internet. Instead, scratch it on a piece of good, old-fashioned paper, and hide it somewhere in your home.
You also want to make your username hard to guess. Remember, hackers have to figure that part of the equation out, too. Don’t spend too much time here, but don’t make it “admin” either.
Keep it fresh
So if a hacker, or hackers’, computer is trying and trying and trying to get into your website, over time they’re going to narrow the list of possibilities down. The best way to combat this is to make them start over by changing your password often. Update your password every 2-3 months, and make sure it’s different across all platforms. So, for example, don’t use the same password for your Facebook page and bank account as you do for your website. It’s probably not a good idea to use the same password on your bank account as you do for Facebook, either, but that’s a whole new blog post.
Update your plugins
Seriously, do it right now. If you’re using a Content Management System like WordPress for your website and you’re using plugins, make sure you keep them updated! Every time an update is released for WordPress or its plugins, that means there’s a hole for a hacker to get in somewhere. The longer those holes are kept open, the greater the chance that they’ll find a way in.
Delete unnecessary data
This includes plugins and images. Aside from website storage reasons and page load time, you also need to keep things cleaned up to prevent yourself from being hacked. If it’s not an active part of your website, chances are you aren’t keeping a close eye on updates, etc., meaning you’re leaving an open hole for a hacker. Keep your website as clean as possible, removing anything from your website that you’re not using and don’t intend to use anytime soon.
Up your defense with plugins like Wordfence, Loginizer, and Limit Login Attempts
Wordfence, Loginizer, and Limit Login Attempts are three of the best WordPress plugins I’ve found to increase your website defense. With over 14 million downloads to date, Wordfence is a personal favorite of mine. You set the defense level, and let the plugin do the work. If someone in the world is attempting a brute-force attack on your website, these plugins will notify you, let you know their IP address, and will allow you to block their IP permanently from going to your website (or hacking it).
Back-up your website
I feel like this one should go without saying, but sadly, most people do not have a backup copy of their website files. There are two simple ways to do this.
- You can go to your FTP program, like FileZilla or Cyberduck and copy all the files to your local computer.
- Use a plugin called UpDraft Plus. You can set it to run automatically and back up to your personal Dropbox folder, or you can do it manually and download the files to your local computer.
Either way, this is a MUST. If a hacker takes over your website, you’ll want to pull all the information down with your FTP and upload your backup as quickly as possible so as not to be discredited and blacklisted from Google.
Or you could call me. 🙂
Hiring a professional to build or maintain your website should always include ensuring your site is secure. When a designer or developer is suggesting that you opt-in for the monthly maintenance package, do it! This is the best way to ensure that your site remains safe from hackers.