It’s becoming increasingly common to see sites hacked so that malicious content and links can be inserted to improve the standing of other sites. Unfortunately, this nefarious type of black hat SEO works, which is why people do it. Google doesn’t seem to be responding to this type of attack, which can leave webmasters in a precarious position if they aren’t vigilant about their site security. So what can they do about it?
- Make sure sites are up to date.
One common cause of site problems is webmasters not using the latest version of whatever platform they are using. Whether it’s Magento, WordPress or another CMS, you need to make sure that you have the most up-to-date version. Because Magento and WordPress are the most popular platforms in their class, they are an attractive target for hackers. This means that updates are released regularly, whenever a vulnerability is found. Likewise, any plugins need to be kept up to date to ensure that they are secure.
- Keep passwords secure.
A poor password leaves your site very vulnerable to attack. The same goes for FTP and server passwords: if you can find your password on a list of insecure passwords, then you really need to come up with something better. Use a mix of upper and lower case letters, numbers and symbols, and change your passwords regularly.
- Admin login should be relocated.
If you use WordPress, it’s more than likely that your admin login can be found at http://www.yoursite.co.uk/wp-admin/ – it’s the standard set by WordPress. If you use Magento, your login page probably appears at /admin/. Millions of sites have this, so why is it a problem? Because these locations are the standard, they are easy for hackers running botnets or automated scripts to find. Once they have found the login page, they can use brute force to try to gain access to your site. To prevent this, move the admin page and restrict access by IP address.
- Find trusted plugins.
Plugins are a great way to add functionality to your site, but there are some that simply aren’t trustworthy. Make sure that you only download and install plugins that are regularly maintained as well as trusted in the wider community. Find WordPress plugins in the WordPress Plugins directory and Magento ones in Magento Connect. Make sure you read reviews of any plugin you choose.
- Backup everything and protect it with fire(walls).
Just in case there is a breach of some description, you need to ensure that all your data is stored somewhere else as a backup so that you can roll back to previous versions. Use secure firewalls that are regularly updated to stay safe.
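To check that the admin-login advice above has actually taken effect, the following added example (not code from this article or from WordPress or Magento) reads a web server access log and reports addresses outside your allowlist that still reached a default admin path, and those that sent repeated login POSTs. The allowlisted network, the threshold, the combined log format and the sample log lines are assumptions made up for the example.

```python
import ipaddress
import re
from collections import Counter

# Default admin paths named in the article, plus wp-login.php, the page
# WordPress sends /wp-admin/ visitors to when they are not logged in.
ADMIN_PATHS = ("/wp-admin", "/wp-login.php", "/admin")
# Assumption: the network you administer the site from (a documentation range).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/28")]
# Combined log format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Constructed sample access log, not taken from a real site.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.23 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
198.51.100.23 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
198.51.100.23 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
192.0.2.77 - - [10/Mar/2024:10:00:09 +0000] "GET /admin/ HTTP/1.1" 403 153
198.51.100.40 - - [10/Mar/2024:10:00:12 +0000] "GET /administrator-guide HTTP/1.1" 200 900
"""

def is_admin_path(path):
    path = path.split("?", 1)[0].lower()  # ignore the query string
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PATHS)

def is_allowed(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError for hostnames
    return any(addr in net for net in ALLOWED_NETS)

def audit(log_text, threshold=3):
    """Return outside IPs that reached an admin path and likely brute-forcers."""
    reached, posts = set(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        try:
            if not is_admin_path(path) or is_allowed(ip):
                continue
        except ValueError:  # first field is not an IP address
            continue
        if status != "403":  # anything but "forbidden": the IP rule is not applied
            reached.add(ip)
        if method == "POST":  # login attempts are POSTs
            posts[ip] += 1
    brute = sorted(ip for ip, n in posts.items() if n >= threshold)
    return {"reached": sorted(reached), "brute_force": brute}
```

Call `audit()` on the text of your own access log with `ALLOWED_NETS` set to your own addresses; an empty `reached` list means the IP restriction is being enforced on the default paths.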
Are there any specific things you do to keep your site safe that we’ve missed? Comment below!