There are many ways a website can be hacked or attacked. Here are some actions that website owners can take to protect their sites.
Unusual visitor numbers
In your hosting control panel, you can see logs analysing website visits. AWStats is a popular one. On some of our sites we have found a high number of visits from a single IP address, 6,000 in 15 days. That is 400 per day and can only be automated.
They must be up to no good. They could be using your address to send out spam, or trying to gain access. A Google search will turn up IP address lists showing locations and, sometimes, reputation. The hosting control panel has a facility to deny specified IP addresses, which can block that IP. You can also block a range of addresses, which is wise because a bad IP can be just part of a range.
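If you can download the raw access log from the hosting control panel, the same check can be done with a short script. The following is an added example, not part of the original article: it counts requests per IP address per day, and per address range, assuming the common Apache "combined" log format and using the 400-visits-a-day figure above as the threshold. The function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Start of an Apache/Nginx "combined" log line: client IP, then [day:time zone].
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):')

def daily_counts(lines):
    """Count requests per (ip, day); lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def _peaks(counts, per_day_limit):
    """Keep keys whose busiest day exceeded the limit, mapped to that peak."""
    peaks = {}
    for (key, _day), n in counts.items():
        if n > per_day_limit:
            peaks[key] = max(n, peaks.get(key, 0))
    return peaks

def noisy_ips(lines, per_day_limit=400):
    """Single addresses that went over the limit on at least one day."""
    return _peaks(daily_counts(lines), per_day_limit)

def noisy_ranges(lines, per_day_limit=400):
    """Same check per network (/24 for IPv4, /64 for IPv6), so traffic spread
    over neighbouring addresses is still counted together."""
    totals = Counter()
    for (ip, day), n in daily_counts(lines).items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostname or garbage in the first field
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        totals[(str(net), day)] += n
    return _peaks(totals, per_day_limit)

def _line(ip, day="10/Mar/2024"):
    return f'{ip} - - [{day}:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "-"'

# Constructed sample (documentation address ranges, not real traffic).
SAMPLE_LOG = ([_line("203.0.113.7")] * 450
              + [_line(f"198.51.100.{h}") for h in (10, 11, 12) for _ in range(150)]
              + [_line("192.0.2.50")] * 3)

if __name__ == "__main__":
    print("single IPs over limit:", noisy_ips(SAMPLE_LOG))
    print("ranges over limit:", noisy_ranges(SAMPLE_LOG))
```

In the sample, the three 198.51.100.x addresses each stay under the limit on their own and only show up in the per-range count, which is the case where denying a range rather than a single IP makes sense.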
Passwords
Years ago it was common to set passwords as memorable words. But these are easy to guess, like names, birthdays, places and keywords from the website. These should be replaced by more secure passwords. Use at least 8 characters and include upper and lower case letters, numbers and symbols (@#$% etc.). These can still be made memorable by taking a word and separating letters with numbers and symbols, or replacing letters with numbers and symbols. E.g. Alexander can be &A!3x@nd3r#, but it would be even more secure if it was just a jumble of characters.
Latest software version
Always update any website building software (such as WordPress) to the latest version. These software updates can be frequent and will close any loopholes that hackers have found. We have found that websites running on older versions are the ones that get hacked.
Files that get hacked
If your website is found to be sending out spam emails it could be that some hacker has got lucky, guessed your password and altered one or more of the website files to automatically send spam. This can cause your host to suspend your website.
To fix that, you should change your password and then, using an FTP program or File Manager, find which files have been modified by listing them in date order. Alternatively, you can just reload the whole website from the copy on your computer, or from your web designer. Or you can reinstall WordPress and import the exported MySQL database.
Insecure Forms
Protect your site from hackers trying to guess a password by coupling login name and password for validation. Have the response say something like “Either the name or password is invalid” so that the hacker doesn't know which one is incorrect.
Add Captcha to your forms. This is a script that requires the visitor to type characters from an image on the form, something an automated spam program cannot do. It stops hundreds of spam emails from the form.
Forms Allowing File Uploads
Limit the extensions of file uploads to those of images, JPG, JPEG, GIF, PNG, etc. to avoid any executable files getting uploaded to your website. Have any uploads go to a folder outside the website.
SSL
To keep any visitor's personal details entered on a form secure, get your host to install an SSL certificate. This should cover any form with sensitive information such as credit card details, or date of birth, driver's license and any details allowing identity theft. This will cost a few dollars per year but will make your visitors feel better about filling in such a form.
ModSecurity
Many web hosts have installed this security plugin to their firewall. This blocks any IP address from which a number of invalid login attempts have been made in a short period. This slows down any nefarious hacker from guessing your username and password to log in to your control panel or FTP or email account. Unfortunately, the odd website owner who has a lapse of memory can, by using the wrong password too often, lock themselves out of their own website. Fortunately, they can ask their host to unblock them.
Conclusion
It's not a perfect world and even NSSA and FBI websites have been hacked, but anything you can do to slow down hackers will help keep your website safer and encourage visitors.
These articles were first published on www.platywebs.com.au and have been re-published on many other websites and ezines over the years. New readers are still finding them to be of value and up to date with today’s conditions. We believe they illustrate common sense and the value of thinking through situations.