You are currently viewing How to Stop Your Site From Being Hacked

How to Stop Your Site From Being Hacked

A hacked site is a lot of trouble for a business, fortunately there are a number of things you can do to prevent issues. Take a look at these tips for preventing your site from being hacked.

Keep Your Software Updated

As a site owner, your job is to make sure your site is running efficiently. Whether you have a DIY site on a third party platform or your site was built from scratch by your development team, you need to make sure your software is up to date.

Content Management System (CMS) providers, like WordPress and Joomla, work very hard at plugging the holes in their systems that might make your site vulnerable to attack. The CMS providers regularly release patches and updates to keep your site protected. However if you do not update to the latest version of the program, then you are leaving site exposed.

If you use third party plugins, you also need to keep track of their updates. If you have plugins that you no longer use, that are old or that do not update, clean these out. These plugins are sitting ducks and can be used as a gateway, by hackers, to enter your site.

Build a Layer of Security Around Your Site

Before you leave your house, you lock your door. Before browsing the web, you install and activate antivirus software. If you have a website, you should have a security system to protect it against hackers. A Web Application Firewall is the first line of defense against a hacking attack. This firewall is designed to inspect incoming traffic and weed out malicious requests. It can protect your site from SPAM, SQL Injections, brute force attacks, Cross Site Scripting and other threats.

Until a few years ago, the Web Application Firewalls were only available as hardware. Today there are a few security-as-a-service (SECasS) providers are using cloud technology to reduce the price of this security solution. In the past, it was only available for enterprise level setups. These providers are revolutionizing the SECaaS industry.

Now, all website owners can rent a cloud-based Web Application Firewall. They no longer have to commit to pricey applications or have a dedicated server. This plug-and-play system does not even require a security expert to set it up. You don’t even need to know every aspect of web security. Let’s face it, most of us don’t have the time or inclination to become cyber security experts.

Ensuring you have a server or a host that fits well above the capacity needed for your site is also important and can help prevent a DDOS attack – this piece from Capita IT Professional Services covers this well.

Hundreds of thousands of websites are hacked each year. It’s clear that most hosting services are not equipped to handle the security threats that exist in today’s world. Honestly, a web hosts primary agenda is not website security.  Luckily, Web Application Firewalls can fill this void.

Use A Strong Password and Change It Regularly

During a brute force attack, the hacker will try guessing the username and password. Using automated systems, they are able to try a number of combinations. This type of attack has increased at an alarming rate. Thousands of sites are attacked on a daily basis across the web.

A strong password is an effective way of reducing and possibly stopping a brute force or dictionary attack. Strong passwords should be used for all of your logins, not just your email or financial sites. They are especially imperative on your website service, admin and database and domain registrar logins.

Your password should be a combination of alphanumeric characters, upper and lower case characters, and symbols. The password should be at least 12 characters long, in order to prevent brute force attacks.

Don’t use the same password for all of your logins. Each site you log into should have it’s own unique password. Change your passwords regularly in order to provide an additional layer of protection. User’s passwords should be in encrypted form, so that if there is a security breach, attackers do not gain access to the actual user password.



Richard Hale is the Founder of Hale Associations, a company that provides Web Development, SEO and Marketing services globally.