How to prevent your website being hacked
Posted by Aaron Clancy in General, Maintenance, Plugins, Top Ten
Recently one of my websites was hacked by a third party who put malicious files on my server. Before I go into the details, it is important that you have a strong network around you, as I only found out because people messaged and Tweeted me privately to let me know. The reason I never knew was that I use a Mac, and the site looked normal there. Only people on Windows-based systems could see that the site was infected: either their antivirus was blocking my site from loading, or they were being redirected to a third-party website in Russia.
As a result of the hack, my hosting provider shut my site down and asked for the malicious files to be removed. It was a bit more complicated than that: once the files were removed and the site reloaded, it didn’t take long for the site to start playing up again.
This resulted in my team taking the site down. Due to other arrangements and commitments, it ended up taking nearly a week to get the site back up, running and working efficiently again.
Top ten tips to prevent your website being hacked
- Ensure you back up regularly. There are some great paid backup plugins out there such as WP Twin and Backup Buddy, but a free plugin can still work effectively; a good one to use is WP Backup. The main difference between the free and paid plugins is that the free plugin does not back up absolutely everything the way Backup Buddy or WP Twin will. When I had my site reinstalled, certain custom CSS settings were reverted to the defaults, although all the main changes, such as content and posts, did carry over.
- Use the latest version of WordPress. WordPress is updated several times per year, and it is important that you are running the latest version; if you are not, you are leaving your site vulnerable to hackers. People often put off the latest version because it can be buggy at first, but I highly recommend you upgrade your WordPress version.
- Update your plugins regularly. Most WordPress blogs have between 15 and 30 plugins installed, so it is essential that you log into each of your websites regularly and update them. You can usually tell that plugins need updating from the update badge shown next to the Plugins section of the dashboard.
- Ensure your theme framework is updated too. I use Woo Themes, and they release updates from time to time; make sure you apply them. This can be done via your framework settings, as shown in the picture.
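Tips 2 to 4 come down to knowing what is installed on each site and how far behind it is. The script below is an added example, not code from this post: it reads the core version straight from wp-includes/version.php, pulls each plugin's version from the "Version:" line of its header comment, and lists every component whose installed version differs from a "current release" list you keep by hand. The plugin names, version numbers and the current-release list in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the post): build an offline inventory of the WordPress
# core version and every installed plugin's version from the site's files, then
# list the components whose version differs from a "current release" list.
# All paths, plugin names and version numbers in the demo are constructed.

# Print the core version recorded in wp-includes/version.php ($wp_version = '...';).
wp_core_version() {
    grep '^\$wp_version' "$1/wp-includes/version.php" | cut -d"'" -f2
}

# Print "<plugin-dir> <version>" for each directory under wp-content/plugins,
# taking the version from the "Version:" line of the plugin's header comment.
wp_plugin_versions() {
    root="$1"
    for dir in "$root"/wp-content/plugins/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        ver=$(grep -h -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$dir"/*.php 2>/dev/null \
              | head -n1 | sed 's/^[^:]*:[[:space:]]*//' | tr -d '\r')
        printf '%s %s\n' "$name" "${ver:-unknown}"
    done
}

# report_outdated <inventory-file> <current-file>
# Both files hold "<name> <version>" lines; print "<name> <installed> -> <current>"
# for every component whose installed version is not the listed current one.
report_outdated() {
    awk 'NR==FNR { cur[$1] = $2; next }
         ($1 in cur) && cur[$1] != $2 { print $1, $2, "->", cur[$1] }' "$2" "$1"
}

# Build a throwaway site tree with constructed versions and report what is behind.
demo_inventory() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-includes" "$site/wp-content/plugins/example-forms" "$site/wp-content/plugins/example-seo"
    cat > "$site/wp-includes/version.php" <<'EOF'
<?php
$wp_version = '5.8.1';
EOF
    cat > "$site/wp-content/plugins/example-forms/example-forms.php" <<'EOF'
<?php
/*
 * Plugin Name: Example Forms (constructed)
 * Version: 1.9.3
 */
EOF
    cat > "$site/wp-content/plugins/example-seo/example-seo.php" <<'EOF'
<?php
/*
 * Plugin Name: Example SEO (constructed)
 * Version: 1.4.0
 */
EOF
    { wp_core_version "$site" | sed 's/^/wordpress /'; wp_plugin_versions "$site"; } > "$site/inventory.txt"
    # Constructed "current release" list; in practice keep it up to date from the
    # release notes of each component (this script does no network lookups).
    printf 'wordpress 5.8.2\nexample-forms 2.0.0\nexample-seo 1.4.0\n' > "$site/current.txt"
    report_outdated "$site/inventory.txt" "$site/current.txt"
    rm -rf "$site"
}

demo_inventory
```

Against a real install, call `wp_core_version /path/to/site` and `wp_plugin_versions /path/to/site`, save the output, and run `report_outdated` against a current-release file you maintain; the comparison flags any version that differs from the one you listed, so it also catches a plugin that has been tampered with to report an unexpected version string, not only ones that are behind.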
- As well as backing up to an online server (some WordPress backup plugins let you back up to their servers for free), such as a free provider or Amazon S3, I highly recommend you also back up to an external hard drive. This covers all bases and will safeguard you against any online or offline issues you may encounter. I know one Internet marketer who lost 300 websites in one go, and you learn your lesson quickly when that happens.
- If you are making tutorial videos showing your WordPress settings, make sure you do not give any information away, such as showing your usernames or showing that your WordPress site still needs updating. If your video goes on YouTube, it can potentially be seen around the world, and there are people who will enjoy corrupting your site if they are able to.
- Be wary of logging into your WordPress site from a public computer. I don’t usually mind using public computers, but make sure you always log off; otherwise someone can come to the computer after you and access your information.
- Run antivirus software on your computer and run checks often. Malicious files can be dropped on your computer without you even knowing they are there. By using reputable antivirus software, you help safeguard the information on your computer. AVG is a great free option.
- If you are uploading a theme or plugin from a third party that is not on the www.wordpress.org website, make sure it comes from a trusted source. It is very easy for people to create themes and plugins, and you want to be sure that what you are uploading is safe. Usually you can tell by searching for reviews online or checking the developer’s site.
- Don’t keep putting off a backup plan. When you lose your site you will kick yourself, as setting one up is not complicated, is free in most cases, and just takes a couple of hours to get comfortable with what you need to do and then settle into a pattern of doing it. Some backup systems will run automatically for you on a set schedule.
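Tips 1, 5 and 10 all come back to having a backup you can actually restore from. The script below is an added example, not the post's or any plugin's code: it archives wp-content (themes, plugins, uploads) and wp-config.php, records a SHA-256 checksum so the copy can be verified before you rely on it, and keeps only the newest N archives so a scheduled run does not fill the disk. The database dump a full backup also needs (mysqldump, using the credentials in wp-config.php) is left out so the demo runs offline; all paths and file contents in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the post): a small file-level backup routine for a
# WordPress site with checksum verification and rotation. A real run would also
# dump the database with mysqldump before archiving. Demo paths are constructed.

# Print the SHA-256 of a file; sha256sum on Linux, shasum on macOS/BSD.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# backup_site <wordpress-root> <backup-dir>
# Writes <backup-dir>/site-<UTC timestamp>.tar.gz plus a .sha256 beside it and prints the archive path.
backup_site() {
    root="$1"; dest="$2"
    mkdir -p "$dest"
    archive="$dest/site-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # -C so the archive holds paths relative to the site root and restores anywhere
    tar -czf "$archive" -C "$root" wp-content wp-config.php
    sha256_of "$archive" > "$archive.sha256"
    printf '%s\n' "$archive"
}

# verify_backup <archive>: succeed only if the archive still matches its recorded checksum.
verify_backup() {
    [ "$(cat "$1.sha256")" = "$(sha256_of "$1")" ]
}

# prune_backups <backup-dir> <keep>: delete all but the <keep> newest archives
# (the timestamped names sort chronologically, so the oldest come first).
prune_backups() {
    dest="$1"; keep="$2"
    count=$(ls "$dest"/site-*.tar.gz 2>/dev/null | wc -l | tr -d ' ')
    remove=$((count - keep))
    [ "$remove" -gt 0 ] || return 0
    ls "$dest"/site-*.tar.gz | sort | head -n "$remove" | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# Throwaway site plus two pre-seeded older archives so rotation has something to prune.
# Prints "<archives left> <copies of the uploaded file found in the new archive>".
demo_backup() {
    site=$(mktemp -d); store=$(mktemp -d)
    mkdir -p "$site/wp-content/uploads"
    printf "<?php define('DB_NAME', 'example');\n" > "$site/wp-config.php"
    echo 'constructed upload' > "$site/wp-content/uploads/post.txt"
    for old in 20110901T000000Z 20110902T000000Z; do
        : > "$store/site-$old.tar.gz"
        : > "$store/site-$old.tar.gz.sha256"
    done
    archive=$(backup_site "$site" "$store")
    verify_backup "$archive" || { echo 'checksum mismatch'; return 1; }
    prune_backups "$store" 2
    left=$(ls "$store"/site-*.tar.gz | wc -l | tr -d ' ')
    found=$(tar -tzf "$archive" | grep -c 'uploads/post.txt')
    rm -rf "$site" "$store"
    printf '%s %s\n' "$left" "$found"
}

demo_backup
```

Schedule `backup_site` from cron, then copy the archive and its .sha256 file to the external drive or S3 bucket and run `verify_backup` on the copy there, not only on the original: a checksum that matches only at the source tells you nothing about the offline copy you will actually restore from.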
Valerie Eaton
12. Sep, 2011
Thanks, Aaron. Some very useful tips here, and this is something that a lot of people don’t think about until it happens to them, unfortunately, which is what happened to me last year.
The first time I got hacked I hadn’t got any backup at all, so had to reinstate everything from scratch. The second time I’d got my content but lost a lot of the CSS styling. Now I’ve got security and backup plugins on my site – using WP Backup at the moment but might check out Backup Buddy.
Aaron Clancy
12. Sep, 2011
It will always hurt the first time, but as long as you put a process in place, you will be ok. Backup Buddy is quite expensive, so depending on what you really need it for would determine if this was necessary.
Timothy Arends
16. Jun, 2012
Two of my WordPress blogs got hacked. It’s like it occurs in waves. The hackers seem to use scanning software that looks for vulnerable blogs according to a particular schedule. Both of my blogs (different domains, passwords, etc.) got hacked at around the same time on two separate occasions. I found out about it due to odd formatting while viewing my site on my iPod touch.
Aaron Clancy
19. Jul, 2012
Always pays to back up! I know what you mean though with it coming in waves!