How to prevent your website from being hacked
Are you worried about the security of your website?
To be honest, the answer is probably no. Human nature means we always expect bad things to happen to someone else.
For example, did you know that if you buy a lottery ticket on a Monday morning for the following Saturday’s draw, you are more likely to be killed crossing the road during that week than to win the jackpot on Saturday night?
Most wouldn’t expect either event to happen, but deep down we all think there is more chance of winning the lottery, because being killed crossing the road happens to other people.
But people do die crossing the road.
You can apply the same logic to anything, including website security. Research suggests that 90% of the websites around the world have serious vulnerabilities which can be exploited by hackers. These range from poor password protection to poor coding and programming on the website. The really scary part is that professional hackers prefer to target small to medium size websites, as there is more chance of going undetected, and once the break-in is discovered most small businesses haven’t got the technical ability to fix the problem.
Have you taken precautions to stop people hacking your website?
Nothing about owning a website is easy; it can sometimes be a full-time job just keeping it going, let alone marketing it and updating it. And if you read some of the articles on our website about SEO and Social Media, you will probably want to give up now.
However, life can become far more stressful if the website were to get broken into. Not only would you have to figure out how they did it, but you would have to repair all the damage! Even as web developers, it is the call we hate to receive.
Why would people want to hack your website?
There are a number of reasons people hack into your website. Here are a few:
- Links back to their website
- Links to another website (paid for links)
- Hijacking your website’s traffic
- Inject content onto your website
- Gain access to paid for items
- Gain all registered users email addresses
- And of course, just for fun.
How hackers attempt to gain access
In most cases, the people that are trying to break into your website are actually not people; they are robots. These bots are set up to trawl the internet looking for certain vulnerabilities within websites, or for admin screens that they then try to log into.
The most basic of these bots will go to your login screen, set the username to admin and try some of the most common passwords:
- Password
- password123
- hello
- hello123
- qwerty
- qwertyuiop
- Your name
- Company name
Some slightly more advanced robots will add a couple of steps in before they get to the login screen. First they will crawl the pages www.your-domain.com/author/1, /author/2 up to /author/9. If these pages don’t return a 404 error (page not found), then there is an author set in the database. They simply take the first name of that author, and try those common passwords with the username set to their first name.
The final (common) method for gaining access to your admin is by trying to access a file that is known to have issues.
How to secure your website?
- Step one is to ensure that you use secure passwords.
- Change the username from ‘Admin’ to something else
- Change the user ID of your admin from 1 to something else
- Lock entrance to the admin at certain time periods
- Ban users based on their IP addresses
- Automatically take backups of your database and email them to yourself
- Check the number of hits on 404 pages and lock the user out if they are excessive
- Track any changes to your files
- Limit the number of times you can attempt to login with the wrong password
- Enforce strong passwords
- Keep up to date with patches for any software used
All of these are rather small changes; however, they go a long way to keeping your website safe.
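As an added example (not code from the original article), the sketch below shows one way to act on the "check the number of hits on 404 pages" and "limit the number of times you can attempt to login" steps, and to spot the /author/1 to /author/9 crawl described earlier, by counting events per IP address in a web server access log. The log format (common log format), the `/login` path, the 401 status for a wrong password and the thresholds are all assumptions to adapt to your own site.

```python
import re
from collections import Counter, defaultdict

# Assumed thresholds; LOGIN_PATH and the 401 status for a wrong password are
# hypothetical and depend on your application.
MAX_404, MAX_FAILED_LOGINS, MAX_AUTHOR_PAGES = 5, 3, 3
LOGIN_PATH, FAILED_LOGIN_STATUS = "/login", "401"

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r"/author/\d+/?")

def _line(ip, method, path, status):  # builds one constructed log line
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 0'

# Constructed sample: one bot walking /author/1../author/9 and then guessing
# passwords, plus one ordinary visitor who mistypes a password once.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/author/{n}", 200 if n == 1 else 404) for n in range(1, 10)]
    + [_line("203.0.113.7", "POST", LOGIN_PATH, 401)] * 4
    + [_line("198.51.100.20", "GET", "/old-page", 404),
       _line("198.51.100.20", "POST", LOGIN_PATH, 401),
       _line("198.51.100.20", "POST", LOGIN_PATH, 302)]
)

def find_ips_to_lock_out(log_text):
    """Return {ip: [reasons]} for clients that exceed any threshold."""
    not_found, failed_logins = Counter(), Counter()
    author_pages = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, method, path, status = m.groups()
        if status == "404":
            not_found[ip] += 1
        if method == "POST" and path == LOGIN_PATH and status == FAILED_LOGIN_STATUS:
            failed_logins[ip] += 1
        if AUTHOR_RE.fullmatch(path):
            author_pages[ip].add(path)  # distinct author pages requested
    flagged = {}
    for ip in set(not_found) | set(failed_logins) | set(author_pages):
        checks = [("excessive-404", not_found[ip] > MAX_404),
                  ("failed-logins", failed_logins[ip] > MAX_FAILED_LOGINS),
                  ("author-enumeration", len(author_pages[ip]) > MAX_AUTHOR_PAGES)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            flagged[ip] = reasons
    return flagged
```

The returned addresses can be fed into whatever lockout or IP ban mechanism your site already has; the visitor with a single mistyped password stays under every threshold and is not flagged.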