Are You Prepared For When Your Website (or Blog) Is Hacked?
Whether you're an individual blogger or a business, it's likely at some point your website will get hacked. I've managed hundreds of websites over the years, and unfortunately, it is fairly common for this to happen. So there are two questions you need to answer.
- Have you done everything you can to prevent a website hack?
- Are you prepared to restore your website in the event it gets hacked anyway?
It's not a question of if it'll happen, it's more likely a case of when. Well, at least when it comes to preparing, it's helpful to think in these terms.
Why are websites attacked, especially small sites without much of an online presence or a valuable database to steal? There are a variety of reasons, but many times the hacker is attempting to hijack the server for illicit services, including using the mail server to illegally send out spam email. It's an unpleasant reality, but it's something we've got to mitigate. So, let's dive into how we can resolve the first question.
Preventing A Website Attack
The best way to prevent a website attack is to ensure your website software is current. If you're using Joomla, WordPress or some other CMS, you'll want to install every software update as soon as it comes out. This is especially true for security-specific updates. Whenever there is a Joomla update, I'll receive an email from all the websites I'm managing to update. WordPress has an automatic updating option, so make sure to turn it on. Beware that sometimes these updates can break the website, so you'll want to have a backup in place should this happen. If you're operating on a proprietary system, you'll have the benefit of your company managing this on your behalf.
Beyond the main website software, extensions and plug-ins are also a security risk. You'll want to make sure you're keeping them current and only install plug-ins made by companies you trust. If you keep your extensions and main software up to date, you've prevented the low-hanging-fruit hacks from ever happening.
For my Joomla clients, I'll also install jHackGuard by SiteGround to help protect against SQL database injections, remote URL/file inclusions, remote code executions, and XSS attacks. SiteGround also has helpful tips on securing your Joomla website here. Here's a list of what they recommend and explain in further detail on the linked page.
- Keep Joomla & extensions up-to-date
- Use strong login details
- Use proper file permissions and ownership
- Use Joomla security extensions
- Protect your administrative page
Responding To A Website Hack
OK, so let's say you've done everything to prevent an attack (or not) but your website still got bulldozed by some foreign techie. Now what? I'm currently hosting with InMotion Hosting (affiliate link) and they'll usually detect the hack before I do. As a result, they'll clean it up and resolve the problem on the server. If I find it first, I'll let them know and ask them to scan and clean the server of any malicious files or problems. In some cases, this hack will break the website while other times it can be fixed without having to restore the website.
Recently, I had a client who was migrating servers. During the end of the process, his old server was hacked and everything was simply deleted. There was nothing left and because of an error with the backup system caused by my client, there wasn't even a backup to restore everything. Thankfully, we were migrating away from this server to a new one, so the hack didn't affect his business.
But there is no worse feeling than thinking everything you've worked so hard to create has suddenly vanished. For this reason, we want to create a regular backup, apart from our hosting company. This will give us an extra layer of control when it comes to restoring websites. For the clients I provide a backup service to, I'll save a copy of the backup installation zip file on the server, my computer and one other location. In addition to the hosting company backup, this gives us four options to restore the website. We could have multiple catastrophic failures and still be able to restore the website.
If you're using Joomla or WordPress, I recommend Akeeba Backup. In fact, it's one of the first extensions I install when working on a website. I'll let the Akeeba Backup setup wizard configure itself and change the save file type to Zip. Outside of that, I keep it up-to-date and back up my websites weekly, or as often as I update content on it.
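A backup only helps if every copy is present, recent and restorable, so here is a check over the zip copies kept in several locations. This is an added example, not code from the original post or from Akeeba Backup; the paths, the 7-day threshold and the function names are assumptions.

```python
import hashlib
import os
import time
import zipfile

MAX_AGE_DAYS = 7  # assumption: matches a weekly backup schedule


def sha256_of(path, chunk=1 << 20):  # chunked, so large archives do not fill memory
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_copy(path, max_age_days=MAX_AGE_DAYS, now=None):
    """Return the problems found with one backup copy (empty list = healthy)."""
    if not os.path.isfile(path):
        return ["missing"]
    problems = []
    age_days = ((now or time.time()) - os.path.getmtime(path)) / 86400
    if age_days > max_age_days:
        problems.append(f"stale ({age_days:.0f} days old)")
    try:
        with zipfile.ZipFile(path) as zf:
            bad = zf.testzip()  # re-reads every member and verifies its CRC
            if bad is not None:
                problems.append(f"corrupt member: {bad}")
    except zipfile.BadZipFile:
        problems.append("not a readable zip")
    return problems


def audit_backups(locations, max_age_days=MAX_AGE_DAYS, now=None):
    """Check every copy, then confirm the healthy copies are byte-identical."""
    report = {str(p): check_copy(p, max_age_days, now) for p in locations}
    healthy = [p for p, problems in report.items() if not problems]
    digests = {p: sha256_of(p) for p in healthy}
    if len(set(digests.values())) > 1:
        for p in healthy:
            report[p].append(f"differs from other copies (sha256 {digests[p][:12]})")
    return report


if __name__ == "__main__":  # hypothetical paths: server, own computer, third location
    copies = ["/var/backups/site.zip", "/home/me/backups/site.zip", "/mnt/offsite/site.zip"]
    for location, problems in audit_backups(copies).items():
        print(location, "OK" if not problems else "; ".join(problems))
```

Run from a scheduled job, a non-empty problem list for any location is the signal to take a fresh backup before it is needed.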
What Are You Going To Do With This Information?
The downside of keeping our sites current and keeping an up-to-date backup in multiple locations is remembering to go in and check that it has all been done, at least on a monthly basis and no less than quarterly. Since this can be challenging for many of my clients, I offer an update and backup service. I'll make sure everything stays current and there is a recent backup available for restoration, should a hack happen. Whether you hire someone like me or do it yourself, just make sure these two activities happen.
Photo by David Clode on Unsplash