I remember the first time my e-mail addresse got hacked.
Even though I knew it was a common occurrence, especially with the various free e-mail account providers, it still felt gross, like somehow something personal had been invaded. It felt dirty. Not to mention that it was just plain annoying to have to go through all of the steps to resecure my account and contact everyone who had been spammed by the hackers.
When it's your business website that gets hacked like recently happened to scores of website owners, it's more than an annoyance or a feeling of dirtiness. It's your livelihood on the line.
How safe is your website from hackers? Check out these security tips to make sure you're not leaving yourself wide open for a similar kind of attack.
1. Is your WordPress installation up to date?
One of the simplest ways to prevent your site from being hacked and having malicious code added to your pages is to keep your WordPress installation current. As security loopholes are found, programmers work to release updates that address any weaknesses. But if you're not updating your WordPress installation regularly, you're leaving your site wide open to have any such weaknesses exploited.
2. Do you have security plugins installed?
There are a number of plugins that exist to decrease the threat of known security weaknesses in WordPress. Better WP Security,WordFence Security, and Bullet Proof Security are three such plugins. Again – if you don't keep security (or other) plugins up to date, you are leaving your site wide open in the event hackers find vulnerabilities in the plugins you're using. And if you're not using a given plugin on your site – take it off. Every plugin – while giving your site rich features – is also a potential entry point for hackers who have nothing better to do than look for loopholes in popular plugins. Don't be an easy target for them.
3. Are your passwords secure and difficult to hack?
Recognizable words are not good passwords. Even if you put a number on the end, it's still not a good practice to have recognizable words as part of your passwords. Have I made that clear enough? Don't do it. Don't share your passwords. If you need to give someone access to your site, give them the lowest level of access needed to do what it is they're trying to do.
Change your passwords regularly, too. And for the love of God, please don't use the same username and password combo for your financial institutions that you do for your website.
4. Do you review your Google Webmaster Tools account activity regularly?
Surprised that this appears on a list of tips for security? Here's an easy way to find out if you have malware infections on your site.
Look at the search queries that are used to find your site. If your site is about a financial services business and all of a sudden people are finding it by searching for "get Cialis without a prescription," it might be a clue that you have malware on your site.
Look under the Health section of Google Webmaster Tools – if Google suggests you have URLs with malicious code, it's worth taking a look.
What are your security concerns about your website?
first published in AssistSoci