Website security is always a top concern when building or maintaining a website. But most people don’t fully understand what they’re securing, or what they’re protecting themselves from. I’d like to share some basic information and preventative measures for website security.
A few months ago, one of my clients’ websites was HACKED. I feel this is not an issue most web developers like to talk about as they feel it indicates we did something wrong. I pride myself on being transparent in my business, and would like to share my experience with how we handled this issue and what we can learn going forward.
Sometimes Security BEST Practices are not enough
Keep in mind that we did follow best practices for preventative measures. However, even with these properly in place, there is always a risk of any website being hacked.
What types of websites get hacked the most?
Most people have the misconception that hackers will target websites only for specific reasons: if your website gets a lot of traffic, if you accept online payments, etc. However, most of the time, it’s actually completely random.
How does a website get hacked?
Most often, it is simply an automated script run by the “hackers”. It combs through site after site until it finds a weakness in one of them. It can then wriggle into the backend of that website and implant its own .php code. (It’s actually more technical than that, but that’s for another time.)
What does hacking do to a website?
Hacking can do a number of things, some minimally noticeable while others can have a huge impact. In this specific case, the hackers implanted their code, which caused the website to fail and simply display a “White Screen of Death”, meaning that nothing was displayed on the page.
They can also implant code that will direct visitors to spam and indecent material.
What other negatives can come from being hacked?
When a website is hacked, it can have a negative impact on SEO. For one, Google will ‘flag’ the site as hacked and show a notice under the Google listing saying “This site appears to have been hacked”. This is basically an “enter at your own risk” notice.
What can you do to prevent hacking?
Preventative measures are the best place to start, but you should ALWAYS have a contingency plan in place.
1. Always keep plugins up to date.
2. Install a Premium Security Plugin: I recommend WordFence Security.
3. Purchase a Security Package from your hosting provider.
4. Configure and regularly schedule backups (to use in case an emergency restore is necessary).
While #1 and #2 should keep a website fairly safe, we had to implement the last step for this customer. For some reason, the hackers found a weakness even though her website was completely up-to-date and she had WordFence Security Premium installed and configured. Just one of the unlucky ones.
Additional security measures are sometimes required
I was able to work with GoDaddy’s Support Team to identify the issues on her FTP. They were then able to install their solution “SiteSecure” and resolve the issue from the backend.
While this is a paid solution, costing approximately $80 USD for the year, it keeps working in the backend to alert us, then find and destroy these files before they have an effect on the front-end of the website.
The “Back-Up” Plan
In case anything were to go so wrong that we need to restore a previous version of the website, we always keep an updated backup of her website. It is scheduled to run once per week, and we also will do one-time backups when we do a major content/graphic update.
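One way to spot implanted .php files like the ones described above is to compare the live site against the last known-good backup. This is an added example, not code from the original post or from any of the products it names; the function names and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return result

def compare_to_backup(backup_root, live_root, suffix=".php"):
    """Return (added, changed): live files with the suffix that the backup lacks or that differ."""
    known = manifest(backup_root)
    live = manifest(live_root)
    scripts = [p for p in live if p.lower().endswith(suffix)]
    added = sorted(p for p in scripts if p not in known)
    changed = sorted(p for p in scripts if p in known and live[p] != known[p])
    return added, changed

def build_sample():
    """Constructed sample: a backup tree and a live tree with one added and one changed PHP file."""
    base = tempfile.mkdtemp()
    trees = {
        "backup": {"index.php": "<?php echo 'home';", "inc/menu.php": "<?php // menu",
                   "logo.txt": "logo"},
        "live": {"index.php": "<?php echo 'home'; // line not in backup",
                 "inc/menu.php": "<?php // menu", "logo.txt": "logo",
                 "uploads/cache.php": "<?php // file not in backup"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(base, tree, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return os.path.join(base, "backup"), os.path.join(base, "live")

if __name__ == "__main__":
    backup, live = build_sample()
    added, changed = compare_to_backup(backup, live)
    print("PHP files not in the backup:", added)
    print("PHP files that differ from the backup:", changed)
```

A legitimate plugin or theme update also shows up as changed files, so the report is a list to review rather than proof of a hack; taking a fresh backup right after each update keeps the list short.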
While you can work hard to prevent a website from being hacked, sometimes it’s inevitable. It’s best to be prepared and have a backup plan just in case.
If you have any questions about other recommendations for website security, I’d love to hear from you!