How to prevent hacks on your website

Hacks do happen occasionally, so I asked my friend Claire Gallagher of Claire Creative to write this short low-down on what you can do to keep yourself out of trouble. -------

As a site owner, it is important to protect your website from unwanted attacks. Hacking is unfortunately something that does occur in the world of websites, no matter who hosts your site and no matter its subject matter, and you can’t ever be sure you are 100% safe.  However, there are a number of precautions that you can take to reduce the risk of attack. Here are five points to address to improve your site’s safety.

1. Your computer.

The computer that you use to log in to your website should be secure.

  • Use anti-virus software.
  • Don’t download files or applications from sources that you don’t know.
  • Use spam filters on your email account.

2. Your host.

Choose a reputable host that offers customer support. Before deciding on a host, check online reviews to ensure that the host is reliable.

3. Your passwords.

Choose a secure password for your hosting account and your admin area (if your site uses WordPress or another content management system). It is also a good idea to change your passwords regularly.

Note that if you use a WordPress site, you should avoid the default “admin” as your user name.

Your hosting company will most likely provide you with a complex password for your FTP – you should change this from time to time as well, whether or not you use FTP to upload files to your website.

4.  Your version of WordPress and plugins.

Your site, just like your computer, runs on software that requires occasional updates. WordPress updates are released regularly to protect against hackers and generally improve the performance of your website. It is highly recommended that you keep WordPress and plugins up to date - it’s one of the best ways to protect your site from attack. With any software update, there can be compatibility issues, so take a backup before you do your update.

The same advice goes for any other content management system or open source software you may be using on your website.

5. Your backup copy.

Despite your best efforts, your site may still get attacked. Never fear! If you have a backup copy, your site can be restored in all its former glory, with limited downtime – all you need is a back up copy of your site and your database (if your site uses one - WordPress sites do use a database).  Your hosting company will advise as to how often they take security backups, and if you use WordPress, it’s a simple matter to set up an automatic backup system from within your admin area.  Updraft Plus is one of several free WordPress plugins available.  (You should make sure you keep a backup on your own computer, as well as stored on your host, just in case anything ever happens to your host!)