I have now personally been hit twice by malicious hackers, at short intervals. With diverse motives and approaches, these hackers have attacked several web sites in my portfolio. The attacks have had the common intention of planting hidden pages of different types in my work. Some use these pages for pure phishing attacks and use them as “link farms” that use the link power of a domain.
This has thus affected me even though I, in my innocence, consider myself to work actively with security as far as my knowledge of the subject goes. If I, who consider security important, suffer from an attack, I realize there will be others who are less security-conscious and can be severely affected. Hence this post.
The question is: are you prepared when your web site becomes the victim of an attack? Maybe your web site, at the time of reading this, is hijacked and used for improper purposes. Are you prepared to take the cost when your web site cannot be open to visitors? Chances are, probably not.
This is why, in this blog post, we would like to share tips and tricks that can help you identify whether your site is already under attack and how you can protect yourself in the future.
The first question is – how can this be critical for my chances to rank high in search results?
A single image can answer that question.
If you encounter this image when you visit your web site, you can be sure (provided that someone has not made a big mistake) that you have suffered some type of attack. Today, this warning is built into all browsers and will stop your visitors from entering your web site. Note that even if you do not get this warning, you can still be under attack; the warning comes up when it is already too late.
But what about the search results?
In addition to this warning, it is a fact that your web site can be penalized in the search results, which means your web site can be ruled out until you solve the problem with your site. This does not only apply to your homepage, it can also apply to other pages and at worst, even your entire domain. Once it happens, you are required to submit a request to Google for them to manually check your web site for problems; this can take many weeks to get sorted.
But how can I identify web site problems?
The answer is to use and implement Google Webmaster Tools. Google Webmaster Tools provides functionality that will notify you should Google detect any problems with your site. As seen below, my web site is now clean, but if there are problems, you can find them here. You will also receive an e-mail should problems arise.
But how can I protect myself?
The first and most important step to an enjoyable night’s sleep is to choose to start working pro-actively to protect your website.
The following 10 tips act like a second step towards a safer site.
No matter what program you use to run your online business and website, you should always update your system continuously, as soon as new updates are available. If you do, 9 times out of 10 you will have closed any critical security holes. By doing this, you have come far in your security work. This of course also applies to any additional applications you choose to install.
Change passwords continuously
Many may think that this point is tough. But it works. If someone has improperly gained access to your password, you can solve this by changing the password, and within a few days you will see whether it occurs again or not.
Use different Passwords
Use different passwords (and preferably also user names) on all services and systems. Using the same password in all places gives your attacker multiple choices when attacking you. Also remember to use sufficiently difficult passwords.
Use Security Plug ins
Today there are many types of plug-ins and applications that can help you monitor and review critical security features. For WordPress there is WP Security Scan, which will help you secure, among other things, passwords and databases.
Forms that handle data incorrectly are commonly exploited by many ill-intentioned hackers. Always, whether you code your site yourself, let someone else do it, or use applications, ensure that proper validation of your data occurs. If there is a field for entering phone numbers, ensure only numbers can be written in the field. Properly filtering out invalid characters will protect you from many unpleasant surprises.
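As an added example (not code from the original post), here is the phone-number check done on the server, with a common near-miss beside a strict allowlist. The function names and the 6 to 15 digit length bound are assumptions, and the sample inputs are constructed.

```python
import re

# Strict allowlist: ASCII digits only; the 6-15 length bound is an assumption.
STRICT = re.compile(r"[0-9]{6,15}")
# Looks equivalent, but \d also matches non-ASCII digits, and $ used with
# match() tolerates a trailing newline.
NAIVE = re.compile(r"^\d+$")


def naive_validate(raw):
    """Weak check shown for comparison only."""
    return NAIVE.match(raw) is not None


def validate_phone(raw):
    """Return the value if it is an acceptable phone number, else None.

    Rejects bad input outright instead of trying to strip characters from it.
    """
    if not isinstance(raw, str):
        return None
    # fullmatch() must consume the entire string, newline included.
    return raw if STRICT.fullmatch(raw) else None


# Constructed form submissions
SAMPLES = [
    "0701234567",                              # plain digits
    "0701234567\n",                            # trailing newline
    "\u0660\u0667\u0660\u0661\u0662\u0663\u0664",  # Arabic-Indic digits
    "070<b>1234",                              # markup characters
    "0701234567'",                             # stray quote
    "123",                                     # too short
]


def compare():
    """Return (input, naive accepts?, strict accepts?) for each sample."""
    return [(s, naive_validate(s), validate_phone(s) is not None)
            for s in SAMPLES]


if __name__ == "__main__":
    for value, naive, strict in compare():
        print(f"{value!r:32} naive={naive!s:5} strict={strict}")
```

The check has to run on the server; restricting the field in the browser alone does not stop a request that is sent without the form.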
Check terms and rights
Are you in control of who has rights to read and write directories and files on your site? Be careful to always check which rights new files and directories have, to make sure no unauthorized party can read or write them.
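One way to run this check on a Unix-style web host, as an added example that is not part of the original post: walk the web root and report anything that every user on the server can write to, plus sensitive files that every user can read. The function name and the list of sensitive file names are assumptions.

```python
import os
import stat

# File names treated as sensitive (an assumption; adjust to your own site).
SENSITIVE = {"wp-config.php", ".htpasswd"}


def audit_permissions(web_root):
    """Return a list of (path, mode, problem) for risky entries under web_root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            shown = format(mode, "04o")
            if mode & stat.S_IWOTH:
                # Any account on the host can modify or plant content here.
                findings.append((path, shown, "world-writable"))
            elif name in SENSITIVE and mode & stat.S_IROTH:
                # Credentials readable by every account on the host.
                findings.append((path, shown, "world-readable sensitive file"))
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, problem in audit_permissions(root):
        print(f"{mode}  {problem:30}  {path}")
```

Running it after every upload or plug-in installation shows whether new files arrived with looser rights than the rest of the site.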
Verify your .htaccess
Always check that your .htaccess files are in place and are designed properly. They control how users access specific directories at your web host.
Back up daily
Should a really malicious person be ill-intentioned enough to take away all of your site, I can promise you that you will sleep well if you have a backup available somewhere else. It does not have to be difficult. Either you buy the service through your web host or you use applications. For WordPress there is BackupBuddy, which lets you make backups to multiple external locations.
Use reliable additions / applications
If you have found an application such as WordPress on an odd-looking website, turn around as soon as you can. Always use applications that you know have existed for a while, are frequently updated, preferably have an established base of customers, and are found in the official WordPress collection of plug-ins. Similar approaches apply to all types of systems capable of adding to and supporting your site.
Dare to ask
Is something unclear? Dare to ask, either here through this post or by contacting the developer of your site. A site that is down can cost big money for every minute. This is why it is important to be prepared and work pro-actively.
When it comes to security, there are as many approaches as there are people, and among those people, developers and web administrators. How do you work with security? Have I missed some important advice that saved you from disaster before?