You’ve undoubtedly heard it on the news before. Some large company with tons of private user data gets hacked. Suddenly, personal information is at risk.
Companies spend a whole lot of money on cyber security. Even so, a determined hacker can still get in and hijack customer data. It’s a nightmare for IT departments and users alike.
But the sad truth is, any website can be hacked. Even your typical small business site is at risk. Yes, even your site.
“Why would anyone want to get into my site?”, you might ask. Well, it’s a little more complicated than that. While there certainly could be someone out there with the proper knowledge and an ax to grind against your company, it’s probably not very likely your website would be compromised from that type of situation.
More than likely, if your site is attacked, it will be from a botnet. A botnet is essentially a network of computers (often compromised by a virus) that will attack websites in an automated fashion.
For example, say your sweet Aunt Ethel opens up an email attachment that she shouldn’t have. It turns out that she unwittingly installed a virus on her computer. That virus connects the computer to a criminal botnet. When the botnet sends instructions to attack any websites running a particular piece of software, Aunt Ethel’s computer becomes part of a network attempting to hack into websites around the world.
It’s sadly become a story that repeats itself quite often.
Here’s What You Can Do to Help Secure Your Website
While there is no bulletproof fix, the following can at the very least make your site a little less interesting for botnets:
Keep Strong Passwords
While it’s much easier to remember a short, uncomplicated password, it’s also a whole lot easier for an automated botnet script to guess. If you have a password for your web server or content management system, make sure it’s a long string of nonsense. Make it at least 10 characters, and include numbers, symbols (!@$%^) and both capital and lowercase letters. Depending on your system, you may even be able to use an entire phrase. It may be harder to remember, but if you keep it in a safe place you’ll have access to it when needed. You can also use a program like KeePass to save passwords in an encrypted format. Bonus: A list of the worst passwords out there »
Create Separate User Accounts
If you’re using WordPress to power your website, there’s a great feature called Roles and Capabilities. This makes it easy to separate the users who will be responsible for maintaining the software itself (Administrators) from those who will simply add or edit content (Authors or Editors). Not everyone in your organization will need administrative access to your website. Give team members the access they need to do their job and not an inch more. Admins can even add a plugin like Role Scoper to customize just who can do what within the system.
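As an added example (not code from the original post or from any of the plugins it mentions), here is how a WordPress admin can build a least-privilege "content team" role with the built-in Roles and Capabilities API instead of handing out Administrator accounts. It assumes the code lives in a small plugin file (so `__FILE__` refers to that plugin); the role name `content_team` and the function names are invented for this example.

```php
<?php
/*
 * Added example: a least-privilege WordPress role for people who only
 * write and edit posts. Starts from the built-in Editor role and removes
 * capabilities that have nothing to do with writing content.
 */

// Roles are stored in the database, so create this one once, on activation.
register_activation_hook( __FILE__, 'example_add_content_team_role' );

function example_add_content_team_role() {
    $editor = get_role( 'editor' );           // WP_Role or null
    if ( ! $editor ) {
        return;
    }
    $caps = $editor->capabilities;            // array of 'capability' => true

    // Page structure, menus/links, comment moderation and raw HTML are not
    // needed to write, edit or publish posts, so the new role does without them.
    $not_needed = array(
        'edit_pages', 'edit_others_pages', 'publish_pages', 'delete_pages',
        'delete_others_pages', 'edit_published_pages', 'delete_published_pages',
        'edit_private_pages', 'read_private_pages', 'manage_categories',
        'manage_links', 'moderate_comments', 'unfiltered_html',
    );
    foreach ( $not_needed as $cap ) {
        unset( $caps[ $cap ] );
    }

    // add_role() returns null and changes nothing if the role already exists.
    add_role( 'content_team', 'Content Team', $caps );
}

// Remove the role again when the plugin is deactivated so it does not linger.
register_deactivation_hook( __FILE__, function () {
    remove_role( 'content_team' );
} );

// Defence in depth: even if another plugin later grants extra capabilities
// to this role, never let it install plugins, manage users or update core.
add_filter( 'user_has_cap', function ( $allcaps, $caps, $args, $user ) {
    if ( in_array( 'content_team', (array) $user->roles, true ) ) {
        $admin_only = array( 'install_plugins', 'activate_plugins', 'edit_users',
            'create_users', 'delete_users', 'update_core', 'edit_theme_options' );
        foreach ( $admin_only as $cap ) {
            unset( $allcaps[ $cap ] );
        }
    }
    return $allcaps;
}, 10, 4 );
```

After activating the plugin, assign team members the "Content Team" role from Users in the dashboard; they can write and publish posts but cannot touch plugins, themes or other accounts.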
Use Security Services or Plugins
There are security services out there like Sucuri that will monitor your website and, if the worst happens, even help you clean up after an attack. There are also plugins that will work nicely for pretty much every major content management system out there. For WordPress, I like Wordfence or Better WP Security. They’re both free (or have free versions) and will provide some basic protection.
While these are just little steps, they can make a big difference in keeping your website protected.