If you have a website for your business, you need to be concerned about website security.
Hackers are smart and can sneak into your website without you knowing it.
We once had a site hacked, and the hack had probably been going on for months. We found out because one of the big pharmaceutical companies contacted the website owners and asked them to take down the links because they were using their brand name. "What links?" we said. We were puzzled until, looking deeper, we found thousands of HTML pages that were buried deep in the site.
You know those emails you get that go into your spam folder most of the time? You know, the ones with the knock-off names of brand-name pharma products. The people behind them mention the larger brands on pages like these to piggyback on those brands' SEO and make their pharmaceutical sales site appear higher in Google. They are using naughty black hat SEO to trick Google into giving them a higher ranking when someone searches.
When Google figures this out (and don't be fooled, they always will), your site will be blacklisted from Google. You'll then see something like the image below when your site appears in Google searches:
There are three key reasons that websites get hacked:
- Access Control
- Software vulnerabilities
- Third-Party Integrations
To help keep the bad guys out, here are some tips:
- The most important thing you can do is NEVER EVER have the username “ADMIN”. Change your usernames to anything else. Every hacker program out there will start pounding on your site’s door with “admin”.
- Periodically check to see if your WordPress site has been hacked by using a scanning tool like Sucuri to scan your website. However, not all hacks will be caught, unfortunately.
- Register your site with Google's Webmaster Tools and check it periodically.
- Make sure your core software is up to date. If you are using WordPress, you can have your core software update automatically when new releases come out. You can set this preference up in your cPanel if you have used a program like Softaculous to install WordPress.
- Stay on top of keeping your plugins up to date. Plugins are another tricky area where hackers can open a back door to your site. Even if you have plugins on your site that are not active, make sure those are updated, or delete the ones you are not using.
- Install 2 security plugins like Sucuri and iThemes Security. One of my favorite features in iThemes is the ability to change the WordPress "door": instead of going to /wp-admin, you can change it to anything you like. Just remember to write it down somewhere so you don't forget. If you do forget, you can go in via FTP and disable your plugin folder, or you can change the name of the iThemes folder by adding a letter after it. This will disable the plugin so you can log back in using "/wp-admin". Once you are into the website, go back to your FTP and restore the folder to its original name. You should then be able to reactivate the plugin and check the login address you created, and either change it or make sure to write it down in a safe place.
- Consider having backups of your site. Sometimes, if you can pinpoint when you were hacked, you can restore a previous backed-up version of the site.
- If your site does get hacked, don’t panic. It is fixable. We recommend using Sucuri services to fix any hack. There are other less expensive solutions out there but these guys are the best, and they typically have a site cleaned up in hours and your blacklist status removed in a few days if not sooner.
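
To complement the scanner and webmaster-tools checks above, here is an added example (not from the original post or from any of the tools it names) that looks for the kind of hack described earlier: large numbers of HTML pages buried in one directory, or pages mentioning brand names you don't sell. The sample directory layout, the keyword `examplebrand`, and the threshold of 20 files are constructed assumptions for the demo.

```python
import os
import tempfile
from collections import Counter

HTML_EXT = (".html", ".htm")

def scan_web_root(web_root, keywords, min_files=20):
    """Walk web_root and report two signs of injected spam pages:
    directories holding at least min_files static HTML files, and
    HTML files whose text mentions any of the given keywords."""
    per_dir = Counter()
    keyword_hits = []
    lowered = [k.lower() for k in keywords]
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(HTML_EXT):
                continue
            per_dir[dirpath] += 1
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read(65536).lower()  # first 64 KiB is enough
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if any(k in text for k in lowered):
                keyword_hits.append(os.path.relpath(path, web_root))
    crowded = {os.path.relpath(d, web_root): n
               for d, n in per_dir.items() if n >= min_files}
    return crowded, sorted(keyword_hits)

def demo():
    """Build a constructed sample site in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: spam pages hidden under the uploads folder.
        buried = os.path.join(root, "wp-content", "uploads", "2019", "cache")
        os.makedirs(buried)
        for i in range(30):  # constructed spam pages
            with open(os.path.join(buried, f"page{i}.html"), "w") as fh:
                fh.write("<a href='#'>cheap ExampleBrand pills</a>")
        with open(os.path.join(root, "about.html"), "w") as fh:
            fh.write("<h1>About our business</h1>")  # legitimate page
        return scan_web_root(root, ["examplebrand"], min_files=20)

if __name__ == "__main__":
    crowded, hits = demo()
    print("Directories with many HTML files:", crowded)
    print("Files mentioning watched keywords:", len(hits))
```

To use it on a real site, run `scan_web_root` against a downloaded copy of the site's files with the brand names you want to watch for. A hit is a reason to look closer, not proof of a hack.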