How To Protect Your Website From Hackers
27th February 2015
With thousands of websites getting hacked every day, website security is a very real issue that all webmasters should be aware of and take steps to address.
Websites can be hacked for a number of purposes, including installing malicious software (“malware”) on a user’s computer, collecting personal information, or redirecting users to a completely different website.
When your website has been hacked, it can be difficult to recover. However, there are steps you can take to fix your site, or even better, lessen the risk of being hacked at all.
How To Tell If You’ve Been Hacked
If your site has been hacked, you may find out in a number of ways:
- Changes have been made to the content of your site
- Your website redirects to a different site
- Google notifies you that your website has been compromised through Webmaster Tools (your site may also be labelled as infected on search results pages)
- Your browser warns you against visiting the site
How Do Hackers Do It?
Many people do not know how their site was hacked, but it could have been done simply by guessing your password, using malware on your computer to capture your password, or finding a security vulnerability in your website’s software.
What To Do If Your Website Is Hacked
Google suggests eight steps to follow to recover a hacked site:
- Watch the overview on Google’s help pages.
- Contact your hosting provider to let them know what has happened so they can help you and make sure their other customers are not affected. You should also find help online and consider enlisting the help of a security expert.
- Take your website offline until the problem is fixed, check your user accounts to delete any accounts created by the hacker, and change passwords for all users and accounts.
- Check your site information in Webmaster Tools for messages to help you find out in what way your site was compromised.
- Assess the damage by making a list of all affected files and determining the hacker’s intent.
- Identify the vulnerability – there may be one or several, either on your website or on your local computer.
- Clean and maintain your site by removing bad content, restoring good content, fixing vulnerabilities and making plans for future maintenance.
- Request a review from Google so that users are no longer warned that visiting your site could be harmful.
Protecting Your Website From Future Attacks
To protect your website from hackers you should take the following steps:
- Keep your content management system (e.g. Drupal, Joomla, WordPress, etc.) updated to the latest version.
- Use a strong, unique password to log in to your CMS.
- If possible, enable two-step verification for logging in to your CMS.
- Ensure any plugins or themes you use come from a reputable source.
- Avoid using FTP when transferring files to your servers, as this does not encrypt any traffic. Instead, use SFTP, which will encrypt everything, including passwords.
- Check permissions on sensitive files such as .htaccess. These files can protect your site, but they can also be used for malicious attacks if they fall into the wrong hands.
- Look for new or unfamiliar users in your administrative panel or other places where users can modify your site.
You should also always make sure all your files are backed up, and use Webmaster Tools so that you are notified of any problems – you can have your Message Centre messages forwarded to your email account so that if your website is compromised, you find out straight away.
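The permissions check from the list above, as an added example that is not part of the original article: a shell script that lists .htaccess files and CMS configuration files writable by anyone other than their owner, and can then remove that write access. The CMS file names (wp-config.php, configuration.php, settings.php), the function names and the example path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for sensitive files that users other
# than the owner are allowed to modify.

# Sensitive names (an assumption, adjust for your site): Apache's
# per-directory config plus the main config files of WordPress,
# Joomla and Drupal.
list_loose_files() {
    root=$1
    # -perm -020 matches group-writable, -perm -002 world-writable.
    find "$root" -type f \
        \( -name .htaccess -o -name wp-config.php \
           -o -name configuration.php -o -name settings.php \) \
        \( -perm -020 -o -perm -002 \) -print | LC_ALL=C sort
}

# Remove group and world write permission from every file reported
# by list_loose_files, leaving the owner's permissions untouched.
tighten_loose_files() {
    list_loose_files "$1" | while IFS= read -r f; do
        chmod go-w "$f" && echo "fixed: $f"
    done
}

# Stand-alone use: sh audit.sh /var/www/html   (placeholder path)
# Prints the loose files only; call tighten_loose_files to fix them.
if [ $# -ge 1 ]; then
    list_loose_files "$1"
fi
```

Run the listing first and review it before tightening anything, since a file that is unexpectedly writable may already have been altered.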
For more information, take a look at What To Do If Your Website Has Been Hacked By Phishers, a PDF provided by antiphishing.org.
Contact us to find out how SilverDisc can provide you with a secure website for your business.