After a little episode we went through in 2008, we can speak with some authority on the subject of having your website hacked. It’s not a pleasant experience – yet as more people build websites and get online, it’s not as uncommon as you’d hope.
Websites get hacked for lots of reasons. The stereotype is of teenagers messing around in their spare time, but in fact lots of sites are hacked automatically by programs called scripts, which target sites built using particular technologies.
This is done for commercial reasons. The hacking scripts insert links into your site or point your domain name to other places.
Those links redirect visitors to other websites – often ones peddling dodgy pharmaceutical products or bristling with spyware. The hackers make money. You lose out.
At the very least, getting hacked can cause you no end of hassle. At the worst, restoring your site and repairing your reputation can cost you quite a bit of money.
Which sites are vulnerable?
Websites built using blogging or content management tools like WordPress or Joomla can be more vulnerable than sites coded from scratch. This isn’t because those tools are inherently unsafe, but simply because lots of people use them.
Hackers know that if they find a security hole in WordPress, they’ll be able to use it to hack thousands of WordPress-based sites. The payoff from the effort is higher than if they’d spent the time figuring out how to hack a single, custom-built website.
How to protect yourself
As with all these things, there are some basic precautions you can take to reduce the chance of getting hacked:
- Use strong passwords. A password like SDFGws’434er@ is always going to be harder to guess than the word "password". Can’t think of a good one? Use this strong password generator. Always change passwords regularly, and if you have several users, make sure they use strong passwords too.
- Keep everything up-to-date. Like the software on your computer, hosting applications are updated regularly. Install the latest versions as soon as they’re available. Many applications – including WordPress – will prompt you to install when you log in.
- Back up all your data. Obviously, you hope the worst doesn’t happen. But if it does, you’ll be glad you have a safe copy of your data. Many applications use a MySQL database – these instructions explain how to back up your database on 123-reg.
- Add extra security. For example, you can lock down access so people can only access your application’s admin panel from certain IP addresses. (This is a bit technical, but there are some instructions on our support site.)
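One way to set up that IP lock-down, as an added example rather than the instructions from the support site or anything from the original article. It assumes a WordPress site on Apache 2.4 hosting that allows .htaccess overrides, and the IP addresses are placeholders.

```apache
# Added example. Assumes Apache 2.4+ with AllowOverride AuthConfig (or All).
# 203.0.113.10 and 198.51.100.0/24 are placeholder addresses: replace them
# with the addresses you actually log in from.

# --- File 1: .htaccess in the site root (protects the WordPress login page) ---
<Files "wp-login.php">
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </RequireAny>
</Files>

# --- File 2: wp-admin/.htaccess (protects the admin panel itself) ---
# For Joomla, the same block goes in administrator/.htaccess instead.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</RequireAny>

# Themes and plugins call admin-ajax.php on behalf of ordinary visitors,
# so leave that one file open or front-end features will break.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Visitors from any other address get a 403 Forbidden response on these URLs. If your internet provider changes your IP address you will be locked out as well, so keep FTP or file-manager access to the site so you can edit the file.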
Finally, because each application works differently, each one has its own specific steps you can take once you’ve taken care of the essentials.
The best places to go for more information are the applications’ own websites. Most are supported by a big community of users who’ll be happy to give advice and have written articles explaining what to do. Here are some security tips for Joomla and WordPress to get you started.