By Nardo Kuitert, U-C WEBS
[Published in The Wellington Advertiser, September 2012 for the Centre Wellington Chamber of Commerce]
Have you ever had your website hacked into? That you visit your site and all of a sudden there is a little pop-up from your anti-virus program (you DO have an up-to-date anti-virus program on your computer, right?) saying “Trojan Horse blocked” or something similar. Or your home page has been replaced (defaced) with some message in a foreign language… Nasty things for sure! This is the downside to the popularity of the Internet. There has been an enormous increase in the number of websites out there and many of them use Content Management Software (CMS) that may have security holes in them. And just like windows PCs get hacked into more than Apple machines, the popular CMS software programs WordPress and Joomla bear the brunt of the attacks. It’s a numbers game.
It is good to know how these sites may get hacked, so you can prepare yourself for it. Barricade the virtual doors, so to speak. Two tactics commonly used to gain unauthorized access are brute force attacks and using weaknesses in the software.
To start with the brute force attacks: hackers will try to guess the password of the user names over and over again, until they get it right. Some things that you can do to deter the threats include: not using the default user names like “admin” and using long and difficult passwords; so not “asdf1234” or “password1” but rather something like “]&K#6O’jE_=
As I mentioned before, another popular way to attack a site is by utilizing vulnerabilities in the software. The best way to protect yourself from these hack attacks is to make sure you always run the latest version of the CMS software (like Joomla or WordPress), plugins, add-ons and themes. As soon as a new security hole is found the programmers will try to fix it as quickly as possible. By running outdated software you will not benefit from these plugged security holes.
If worst comes to worst and your website does get hacked or injected with malware: make sure you have a number of backups available to restore the website from if necessary. You may also need to reinstall from a backup if the upgrade of your software goes horribly wrong because some plugins are no longer compatible. Hosting companies may only save the last daily, weekly and monthly backup and this may not be enough if for whatever reason those backups don’t work for you. Better safe than sorry: make your own backups!
There is a lot more that you can do to secure your website. Read up on the topic, or ask your web master to perform some security upgrades for you. You do not want to find YOUR website defaced, do you?
Nardo Kuitert is an Internet Consultant with Fergus Website Development and Optimization firm U-C WEBS (www.u-cwebs.com). U-C WEBS also offers Internet advertising opportunities on www.ferguspages.com. (link opens in a new window)
Do you like this article?
Do you want to publish this article in your newsletter? Send us an email with the details; we will likely grant you reprinting rights, provided you include the credit with a hyperlink back to this site.