So you’ve built the perfect website, people are visiting it and you are actually seeing business pick up as a result. Maybe your thinking, “What else can I do with my website to help out others?” The simplest way to help out struggling hackers, an underrated demographic for sure, is to do absolutely nothing. By doing nothing you can pretty much guarantee that your site will be hacked and used to send spam, redirect users to a shopping, porn or a click bait site, and ruin your online reputation all with a few malicious lines of code. How can this happen, you ask? Teams of hackers continuously search the code for popular website engines like WordPress, Drupal, and others looking for vulnerabilities. To counteract the hackers, developers work diligently to patch bugs and issues and secure their code. By doing nothing you pretty much guarantee your site will be hacked.
Once hacked it can take hours, sometimes days to undo the damage to your site, and even longer to restore your online reputation with search engines and your customers. Finding the malicious code is a painstaking process and requires scouring thousands of lines of code, the database, and uploaded files to find the problem. This is an expensive proposition not to mention the potential loss of business while your site is down.
The solution is to have a good maintenance plan in place for your website. That plan should include a solid off-site backup strategy, regular updates to your site software and plugins, and hardening your site to make accessing your site more difficult. I regularly monitor numerous sites and I can tell you that most sites are being probed for vulnerability multiple times each day.
The first steps to securing your site is to change the default admin user name, use complicated passwords and/or two factor authentication and consider changing the address of the login page. I also defend my sites by locking out users that fail to login after a couple of attempts, blocking attempts from all countries not associated with the account and monitoring who is attempting to access the site and adjusting my filters as necessary.
For those of you who don’t have a need to help-a-hacker feel free to implement all of these suggestions and numerous more. There are many more detailed web pages available that can offer help specific to your website engine. You should also consider hiring an expert to review your site for vulnerabilities and maintaining your backups, security and software. An ounce of prevention is worth a pound of cure.