After a little episode we went through in 2008, we can speak with some authority on the subject of having your website hacked. It’s not a pleasant experience – yet as more people build websites and get online, it’s not as uncommon as you’d hope.

Websites get hacked for lots of reasons. The stereotype is of teenagers messing around in their spare time, but actually, lots of sites are hacked automatically, by online programs called scripts which target sites built using particular technologies.

This is done for commercial reasons. The hacking scripts insert links into your site or point your domain name to other places.

Those links redirect visitors to other websites – often ones peddling dodgy pharmaceutical products or bristling with spyware. The hackers make money. You lose out.

At the very least, getting hacked can cause you no end of hassle. At the worst, restoring your site and repairing your reputation can cost you quite a bit of money.

Which sites are vulnerable?

Websites built using blogging or content management tools like WordPress or Joomla can be more vulnerable than sites coded from scratch. This isn’t because those tools are inherently unsafe, but simply because lots of people use them.

Hackers know that if they find a security hole in WordPress, they’ll be able to use it to hack thousands of WordPress-based sites. The payoff from the effort is higher than if they’d spent the time figuring out how to hack a single, custom-built website.

How to protect yourself

Hold on, don’t start to panic! Thousands of big names use sites built with these common applications. Number 10, TechCrunch and eBay wouldn’t use WordPress if they didn’t think it was safe.

However, as with all these things, there are some basic precautions you can take to reduce the chance of getting hacked:

  • Use strong passwords. SDFGws’434er@ is always going to be harder to guess than password. Can’t think of a good one? Use this strong password generator. Always change passwords regularly, and if you have several users, make sure they use strong passwords too.
  • Keep everything up-to-date. Like the software on your computer, hosting applications are updated regularly. Install the latest versions as soon as they’re available. Many applications – including WordPress – will prompt you to install when you log in.
  • Back up all your data. Obviously, you hope the worst doesn’t happen. But if it does, you’ll be glad you have a safe copy of your data. Many applications use a MySQL database – these instructions explain how to back up your database on 123-reg.
  • Add extra security. For example, you can lock down access so people can only access your application’s admin panel from certain IP addresses. (This is a bit technical, but there are some instructions on our support site.)
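
An added example, not part of the original article: once the admin panel is restricted to certain IP addresses, a short Python check over the web server's access log shows whether the restriction is actually holding. The allow-list, the Apache-style log format and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed allow-list: networks permitted to reach the admin panel
# (documentation ranges, replace with your own office or home addresses).
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

# Default admin paths for WordPress and Joomla installs.
ADMIN_PREFIXES = ("/wp-admin", "/wp-login.php", "/administrator")

# Common/combined log format: client, identity, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_allowed(ip_text):
    """True if the client address falls inside an allowed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or junk in the client field: treat as outside
    return any(ip in net for net in ALLOWED_NETWORKS)

def audit(log_lines):
    """Return (exposed, blocked): admin requests from outside the allow-list
    that the server answered, and those it refused with 403."""
    exposed, blocked = [], []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip_text, _method, path, status = m.groups()
        if not path.startswith(ADMIN_PREFIXES) or is_allowed(ip_text):
            continue
        (blocked if status == "403" else exposed).append((ip_text, path, status))
    return exposed, blocked

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2010:18:51:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/May/2010:18:52:10 +0000] "POST /wp-login.php HTTP/1.1" 200 2048',
    '198.51.100.23 - - [18/May/2010:18:53:44 +0000] "GET /administrator/index.php HTTP/1.1" 403 199',
    '203.0.113.7 - - [18/May/2010:18:54:02 +0000] "GET /index.php HTTP/1.1" 200 10240',
]

if __name__ == "__main__":
    exposed, blocked = audit(SAMPLE_LOG)
    for ip, path, status in exposed:
        print(f"EXPOSED: {ip} reached {path} (status {status})")
    print(f"{len(blocked)} outside request(s) correctly refused")
```

Any line reported as exposed means a visitor outside the allow-list received something other than a 403 from an admin path, so the restriction needs another look.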

Finally, because each application works differently, they all have specific things you can do once you’ve taken care of the essentials.

The best places to go for more information are the applications’ own websites. Most are supported by a big community of users who’ll be happy to give advice and have written articles explaining what to do. Here are some security tips for Joomla and WordPress to get you started.


One Response

  • Jim

    Your article seems more geared toward big commercial sites where passwords are required. Any sites that I have constructed are fairly simple and the hacking seems more akin to the bored teenagers messing around than anything else. The technique used is to send all possible default home page names – like: default.htm, default.html, default.asp, index.htm, index.html, index.asp etc etc (I’m sure you get the idea) into the root directory of your site on your web host’s server. Your home page is now overwritten by their nonsense. Many are also duplicated in subfolders.

    What puzzles me is that if I use FTP to access my web site it requires a password – yet these hackers can make changes without knowing the password. I’m guessing it’s specially made hacking software that exploits weaknesses in the server software.

    Best wishes,

    Jim Robin

    May 18, 2010 at 6:51 pm