Is Your Website Safe From Hackers?
Words You Never Want To Hear: By The Way Your Site Is Down…
Imagine for a moment that you’ve had a perfect start to your day. The sun’s out, you hit all green lights on the drive in, and even got to listen to your favorite song on the radio. Then you get a call from the office manager. He says a customer called and she was having problems with the website. “Just wanted to let you know.” You check for yourself and sure enough it loads but something is very wrong. It doesn’t look like your site at all. Did you get hacked? How long has the site looked this way? How long is it going to take to fix and when is the last time you checked the backup? Suddenly your day has gone from perfect to panicked.
Scenarios like this happen every day. Google will tell you that they quarantine around 10,000 websites a day, and that’s not including sites that went down due to hardware failure, denial of service attacks, or a green admin who clicked the wrong button. The popular security firm Sucuri estimates “somewhere in the neighborhood of 9 million websites are currently hacked or infected.”
The problem is staggering, but fortunately the solution is simple.
Keep software up-to-date and have a recovery plan.
How you implement the plan is up to you, but you need a plan. Whether you subscribe to our maintenance package and have our techs do it for you or prefer to do it in-house, we recommend the following to ensure your site stays online and that you’re prepared should the unfortunate happen:
- Check for updates weekly
- Use an uptime monitoring service
- Have recent backups and store them at a separate location
- Continuously scan your site for malware and vulnerabilities
- Perform quarterly recovery testing
Check For Updates
It seems like every month there’s another security update for your computer’s browser, word processor, spreadsheet program, or accounting software. Hackers are constantly finding ways to compromise software. Your website is no different. You should be checking at least once per week for WordPress and plugin updates.
Use An Uptime Monitoring Service
When a website goes down completely, it no longer responds to browser requests. There are services available that check your site routinely, and if the server doesn’t respond, you get an email notification that the site is down. Getting a notification is not the time to worry; it’s time to investigate. If it comes in at 3am, it could simply be scheduled server maintenance.
Keep Multiple Backups And Store Them At Separate Locations
Any IT guy will tell you, backups are your saving grace when technology fails and everything goes south. Whether your site gets hacked, your files get corrupted, you experience a catastrophic hardware failure, or you simply deleted the wrong file – backups will get you back on your feet. So, what makes a good backup system? How often you back up and how long you keep your backups can vary depending on the needs of your site, but in general:
- Keep a month’s worth of daily backups
- Keep a year’s worth of monthly backups
- Store backups at multiple locations
- Make routine integrity checks on your files
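Here is one way to script the retention rules and integrity checks above in Python. This is an added example, not part of the original article or of any particular backup product. It assumes "a month" means 30 days, "a year" means 365 days, and that the oldest backup in each calendar month serves as the monthly; the function names are hypothetical.

```python
import hashlib
from datetime import date, timedelta
from pathlib import Path

DAILY_DAYS = 30     # assumption: "a month's worth" of dailies = 30 days
MONTHLY_DAYS = 365  # assumption: "a year's worth" of monthlies = 365 days

def backups_to_keep(backup_dates, today):
    """Return the backup dates to retain; anything else may be pruned."""
    keep, monthly = set(), {}
    for d in sorted(backup_dates):
        age = (today - d).days
        if age < DAILY_DAYS:      # recent dailies (future-dated files are kept too)
            keep.add(d)
        if 0 <= age < MONTHLY_DAYS:
            # assumption: the oldest backup in a calendar month is that month's monthly
            monthly.setdefault((d.year, d.month), d)
    return keep | set(monthly.values())

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(backup_dir):
    """Run at backup time: map each file's relative path to its SHA-256."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_manifest(backup_dir, manifest):
    """Run on every stored copy: return (missing, corrupted) relative paths."""
    root = Path(backup_dir)
    missing, corrupted = [], []
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            missing.append(rel)
        elif sha256_file(target) != expected:
            corrupted.append(rel)
    return missing, corrupted

if __name__ == "__main__":
    today = date(2024, 6, 30)  # constructed sample: 400 consecutive daily backups
    dates = [today - timedelta(days=n) for n in range(400)]
    print(len(backups_to_keep(dates, today)), "of", len(dates), "backups kept")
```

Keep the manifest somewhere other than alongside the backups it describes, so that a problem at one location cannot silently change both.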
Scan Your Site
To protect both your site and your clients, you should routinely scan your site for malware and security vulnerabilities. The WPScan vulnerability database (wpvulndb.com) contains security vulnerabilities for WordPress and WordPress themes and plugins. If a vulnerability comes up in a theme or plugin that you are using and the developer doesn’t issue a fix, you’ll want to remove it. Plugins such as the Plugin Security Scanner by Glen Scott can check your site daily against the WPScan database and email you if it finds a vulnerable plugin.
Recovery Testing
It doesn’t matter how many backups you have if you don’t have a recovery process to make use of them. Recovery testing involves creating a working copy of your production site using only your backups. Doing so will point out any shortcomings in your backups. If you aren’t backing up all of the necessary files or there is a failure in any part of your backup process, the recovery will fail and you’ll know what to fix.