We’re under attack!

Oh good. I have your attention.

website security and maintenanceLet’s talk a little bit about cyber security. Not the kind that involves a bunch of men in suits, but the kind that affects you.

Picture your customers waking up tomorrow morning to find out that their credit card information has been stolen – from your website. Sure, they can monitor their credit and make sure there are no fraudulent charges, but the point is that you have to tell them that. You have to email the loyal customer base you’ve taken so much time to build, and then tell them you screwed up. You didn’t protect them. How many of them do you think will do business with you again?

It’s unwise to think it cannot happen to you.  It happened to SONY. If it can happen to them, it can happen to anyone.  If you get hacked, not only is your information compromised, but there’s a good chance Google and the other search engines will blacklist your site because it’s been infected and it’s spreading malware.

I’d love to tell you that I know how to keep your site from ever being hacked, but the truth is that I don’t. I do know how to make it less likely, however.

  1. Do not use “admin” as a username. This is the one hackers try first. Also, don’t use your first name, last name or business name. Choose something random. I like to look around the room and pick two things and put them together when I choose usernames. For example, if I look to the right of me now I see two things. A lavender plant and my printer. LavenderPrinter2 is a good username. It’s difficult enough for a stranger to guess and can be memorable enough for me.  The more complex the username, the better.
  2. Use strong passwords. A password generator gives a random string of characters that make for a strong password. Even if you use the first initial and birthday of every one of your crazy uncles as your password, computer randomized numbers are harder to guess. There are several free password generators you can use – LastPass and Random.org are popular ones.
  3. Make sure your site is up to date. Out of date versions of WordPress and plugins leave your site vulnerable to attack. If there’s nothing else you remember, remember this:  hackers love outdated sites; the security flaws are easy pickings.
  4. Delete plugins and applications you no longer use. This eliminates potential points of entry.
  5. Back up, back up, back up. In the event your site is hacked, you’ll want to make sure you have a backup. Your web host may do this or you may do it yourself (even better if both of you do!), but you need to know how it works and make sure it’s done on a regular basis. A backup will also be a lifesaver if you “fix” something and instead make it worse.
  6. Install a security plugin.
  7. Last but not least, be sure your information is current. Your username should be connected to a current email address. Your site should be registered to your current name and address, and not a fake one. If you’re concerned about privacy, you can go through your host for a privately registered domain name.  Make sure they have your correct contact information so if there is a problem, you can be notified ASAP before it gets too far out of hand.

This is just a quick list of the basics to keep your website running smoothly and reduce your risks.  Most of us think we’ll never get hacked, but it’s shocking how many times it happens.

If you’re unsure how to do some of these things, please give us a call.  We’re happy to help.

As always, thanks for reading.

Until next time,