We'd prefer to protect you from a hack attack rather than pick up the pieces afterwards. Getting hacked is stressful and costly. As you can imagine, your home screen will be far more effective at converting sales than this one.
Most websites are built on Content Management Systems (CMS) such as WordPress, Joomla! or Drupal. They are an excellent way to build a professional-looking website that you can manage yourself. The trade-off for this convenience is security: popular CMS systems are more commonly targeted by hackers. However, there are several steps we can help you take to stay one step ahead of the hackers.
Things you can do
- Remove all unnecessary users
- Don't grant users full admin access if they don't need it
- Remove unused plugins, extensions, components, themes or templates
- Use plugins VERY sparingly. These are the number 1 point of access for hackers.
- Avoid using off-the-shelf themes. You don't know how they are built and which plugins they have kludged together to produce their all-singing all-dancing theme.
- Don't use 'admin' as one of your usernames.
- Did we mention long complicated passwords??
Things we can do
- Lock down permissions on the core CMS files.
- Harden all the known weaknesses of your CMS
- Automatic lock-outs for repeated failed login attempts
- IP Blacklisting
- Set up a firewall with whitelisted IP addresses
- Install brute force attack detection and blocking
- Make the admin area unavailable out of business hours
- Salt (sort of encrypt) your main config passwords
- Malware scanning
Prevention is always better than a cure. Call us now on 1300 228 100 to establish a plan that will work for you.
Additional Website Hardening
In addition to server hardening, which you'll need to talk to your hosting provider about, there are a variety of things you can do.
Why using complicated passwords is critical
There are a variety of things you can do to harden your site against hackers. The easiest is to use complicated passwords. Password cracking software is readily available (http://resources.infosecinstitute.com/10-popular-password-cracking-tools/), and as processing power increases, these tools are getting quicker at calculating the millions of combinations required to guess your password.
They are smarter than simply generating a random string of characters. They begin with the obvious things, like username, business name, street, adding the year, or replacing letters like I, E and O with 1, 3 and 0. The fewer characters you use, the quicker it is to guess.
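An added example, not part of the original page: a check a site could run at sign-up or password change to reject passwords built the way the paragraph above describes (account details, an added year, swapped letters). The function names, thresholds and sample account details are assumptions made for illustration.

```python
import re

# The swaps named in the text (I, E, O -> 1, 3, 0) plus a few other common
# ones added here as an assumption (@ and 4 for a, $ and 5 for s, 7 for t).
UNSWAP = str.maketrans({"1": "i", "3": "e", "0": "o", "@": "a",
                        "4": "a", "$": "s", "5": "s", "7": "t"})
YEAR = re.compile(r"(?:19|20)\d\d")


def normalise(text):
    """Lower-case, undo the character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(UNSWAP))


def context_words(fields):
    """Split account details into normalised words of 3+ letters."""
    words = set()
    for field in fields:
        for part in re.split(r"[^A-Za-z0-9]+", field):
            if len(normalise(part)) >= 3:
                words.add(normalise(part))
    return words


def check_password(password, fields, min_length=12, min_extra=6):
    """Return a list of reasons to reject the password (empty list = accept).

    min_length and min_extra are illustrative thresholds, not a standard.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    # Drop an appended year first, then undo swaps on what is left.
    core = normalise(YEAR.sub("", password))
    found = []
    for word in sorted(context_words(fields), key=lambda w: (-len(w), w)):
        if word in core:
            found.append(word)
            core = core.replace(word, "")
    if found and len(core) < min_extra:
        reasons.append("built from account details: " + ", ".join(found))
    return reasons


# Constructed sample account details and candidate passwords.
ACCOUNT = ["jsmith", "Acme Plumbing", "12 Harbour Street"]
if __name__ == "__main__":
    for candidate in ["Acm3Plumb1ng2024", "jsm1th!", "IaLLATBa$$3:09"]:
        print(candidate, "->", check_password(candidate, ACCOUNT) or "accepted")
```

The first two candidates are rejected because nothing is left once the account words, year and letter swaps are undone; the song-based password from this page passes.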
But I can't remember complicated passwords!
For a long time now, we have been told to use a combination of upper and lower case letters, numbers and symbols, but who can remember that? It's insane to think you can remember a different gibberish password for every login. Most people have upwards of 10 logins.
But unfortunately, that is the world we live in. So, find yourself a system, whether it's a keychain-type application on your computer or phone, a service like https://lastpass.com/, or passwords handwritten on a piece of paper. Alternatively, find a method for remembering; for example, you could use your favourite songs.
For example, "It's All About That Bass" by Meghan Trainor could be abbreviated in thousands of different ways. Using the first letters of each word produces "IAATB". Add some embellishments along with its length (3:09) and you have yourself a decent password that could be remembered: IaLLATBa$$3:09 or [email protected]:09. Whatever works for you.