How do you stop your small business website getting hacked?
The bad news is that you probably can't guarantee it never will be. The good news is that there are a lot of simple things you can do to reduce the chances. This post is by no means comprehensive, but its intention is to give you a few 'easy to implement' first steps to help keep things secure.
User Account Names & Passwords
When you're installing your CMS, make sure that you pick an obscure username. If you're building your own website and haven't considered security, you're very likely to leave the superuser as 'Admin' or some similar default name set during the installation process. After all, we all get fed up with remembering umpteen different combinations of username and password. Don't! Make sure you pick something obscure that cannot be guessed or linked back to you or your website's content. If you leave the superuser account name as the default, an attacker already knows the username and only has to use brute force tactics on the superuser password.
Once you've picked a strong superuser account name, make sure you apply the same principles to your password. Make sure it's unique and you haven't used it elsewhere. There are lots of free tools available for generating passwords. Try http://freepasswordgenerator.com/ which will generate passwords of varying length from your chosen mix of letters, numbers and symbols.
If you're still not convinced about unique and strong passwords, have a read of this article by VPN Mash, "Secure Passwords 101: Why they matter and how to create them".
Site Software Updates
This is an important one. Once your chosen site software has been 'out there' for a while, the weak points will have been identified, not only by the developers but also by the hackers. The CMS developers are constantly patching these, and it's very often a simple one-click process to keep your installation current. Make sure you do.
Make sure that you keep all plugins and components up to date as well as the CMS software itself.
There are many plugins available for the main CMSs that can be installed to monitor suspicious activity at the front end of your website and automatically block any misbehaving IP addresses. Ask your website developer about installing and configuring one of these when developing your website.
Many hosting companies also offer additional security for your website on top of their basic hosting packages. It's worth investigating these along with other, slightly more costly, tools available from companies like https://www.sitelock.com/ that will scan your website for potentially malicious activity and provide varying levels of protection. They also allow you to display their logo on your website, which will reassure your visitors.
This one is obvious but easily forgotten: keep a backup of your site. If the worst happens you can at least reinstate it.
Dealing with a Hacked Website
If, despite employing best practice, your website does get hacked, don't despair. There are people out there who can help. We've used https://www.wewatchyourwebsite.com/ who have very quickly 'cleaned' a website and got it back online. Or you could take the site down and reinstate your backup.
Above all else, keep a general eye on your site. If something looks slightly out of the ordinary, check it out. Sometimes the malicious code is very difficult to detect and has been placed deep within the directory structure of your website's files. It can take several weeks before it's obvious to the site's front-end visitors that a site has been hacked. You may be able to take action before anyone realises that the site has been compromised.
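One way to put the backup and the "keep an eye on your site" advice together, as an added example that is not part of the original post: this Python script compares every file of the live site against a known-good backup copy and lists what has been added, changed or gone missing, however deep in the directory structure it sits. The folder names and sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_to_backup(backup_dir, live_dir):
    """Return files added to, changed in, or missing from the live site."""
    backup, live = hash_tree(backup_dir), hash_tree(live_dir)
    shared = backup.keys() & live.keys()
    return {
        "added": sorted(live.keys() - backup.keys()),
        "changed": sorted(p for p in shared if backup[p] != live[p]),
        "missing": sorted(backup.keys() - live.keys()),
    }


def demo():
    """Build a constructed backup/live pair in a temp folder and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for site in (backup, live):
            (site / "assets/img").mkdir(parents=True)
            (site / "index.php").write_text("<?php echo 'Welcome'; ?>")
            (site / "assets/site.css").write_text("body { margin: 0 }")
        # Constructed tampering: one edited file, one new file deep in the tree.
        (live / "index.php").write_text("<?php echo 'Welcome'; /* altered */ ?>")
        (live / "assets/img/cache.php").write_text("<?php /* unexpected */ ?>")
        return compare_to_backup(backup, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for name in paths:
            print(f"{kind}: {name}")
```

Legitimate changes such as CMS updates and new uploads will show up too, so take a fresh backup after each update and treat unexplained entries as the ones to check.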