Unfortunately, a lot of websites become a victim of hackers and malware. In this article, I explain why websites get hacked and list five easy tips to help you keep your content secure.
Why does a website get hacked?
You may think that no one would ever be interested in hacking your site. Perhaps you have a small personal blog with only a few visitors, so what would be the gain?
A lot of people think that hackers are only interested in big corporate sites that have a lot of visitors and a lot of data to steal. However, this is far from true. Big corporate sites usually have strong security measures in place and are therefore difficult to hack. Small websites are much easier to compromise.
When people think of a hacker, they imagine someone sitting in a dark attic actively trying to get access to a site. However, nowadays the majority of hacks is done automatically by web bots. They scan the internet for websites that are vulnerable, for example, an outdated CMS, plugin or theme. Or they try to log in by using a lot of different username and password combinations.
When bots find a website with a vulnerability, hackers exploit it by placing malware somewhere on your site, though this doesn’t necessarily happen right away. Hackers often collect a large number of sites before they actually infect them with malware. That way their attacks get the most impact.
Examples of popular exploits are:
- Create redirects (links) on your site to phishing pages.
- Place viruses that automatically get downloaded when someone visits your site.
- Use your website’s resources to launch a DDoS attack.
If you have a website on the internet, you can be certain that eventually it will get scanned by a web crawler for possible exploits. Luckily, you can protect your site against the most common hacks with a few easy measures.
1 – Always update your CMS, plugins, and themes
One of the main reasons that software gets updated so often is to fix security vulnerabilities that could be exploited by hackers. So even if your site is working fine, it’s very important that you update your CMS, plugins, and themes to the latest versions.
If a plugin or theme hasn’t been updated for a while, this is often an indication that it is no longer maintained by the people who made it. In that case, it’s better to find an alternative.
Also, remember to remove old installations and themes and plugins that you don’t use. Even though you don’t actually use a site or plugin, this doesn’t mean it can’t be found and exploited by hackers.
2 – Use third-party security tools
There are a lot of tools and plugins, designed to secure your site, so use them! Especially if you have a WordPress site, we strongly recommend you add an extra layer of security. Roughly 30% of all websites run on WordPress which makes it very popular with hackers. Trusted plugins are, among others, iThemes, Sucuri or Wordfence. We also recommend you check out SiteLock.
SiteLock detects threats that could be exploited by hackers and solve problems or security risks on your web space. If you have a WordPress site, SiteLock warns you if you have any plugins or themes that are a security risk, or if you need to update.
We offer two packages, SiteLock Find that warns you about any issues that are detected and SiteLock Fix, that doesn’t only warn you, but also fixes things for you. You can easily activate SiteLock from your One.com control panel.
3 – Choose a good password and custom username
The most popular method used by hackers is a Brute Force Attack; bots try millions of different password and username combinations to try to log in to your site, or CMS.
When you install a CMS, the default username is often ‘admin.’ Most people don’t change this and also choose a password that is easy to guess, so the chances that hackers are successful are relatively high. By choosing a custom username and strong password, you protect yourself from a lot of potential hacks.
A good password that is also easy to remember is a random sentence with the spaces removed. Replace one or two letters with a number and write one of the words in capitals to make it even harder to guess. Read our article on how to create a good password for more tips.
4 – Enable SSL on your site
When you have SSL enabled on your site, you see a green padlock in the top left corner in the address box of your browser. It indicates that your website is secure.
SSL encrypts all traffic from and to your website, for example, if you type in a password or your payment details. Using SSL protects you from a so-called ‘Men in the middle’ attack, where someone ‘listens in’ to your data traffic and either steals your details or pretends to be you.
All One.com customers can enable SSL for free, from the One.com control panel.
5 – Make regular backups
If the worst happens and your site does get compromised, you will be very happy if you have a recent backup of your site and email.
You can create a backup by downloading all your web space files and storing it in a secure location. If you use a CMS like WordPress, you also need to make a backup of your database because this is where all your posts and pages are stored.
The easiest and most secure way is to use our Backup and Restore function. With Backup and Restore, you always have access to backups of the last two weeks. You can also manually save backups of a specific date and keep them safely stored in the private folder on your web space. You can activate Backup and Restore from the One.com control panel.