A Digital Marketing Agency advises on how to make your website hacker proof
(The following advice comes from a leading Digital Marketing Agency – RoarLocal.com.au)
Every day you hear about some website or celebrity Twitter account being hacked into. Associated Press recently had their Twitter account hacked into by Syrians. And the stock market fell 100 points as a result of a tweet that the White House had been bombed!
Donald Trump fell foul of prankster hackers with embarrassing consequences.
Mostly we ignore these and assume that it will happen to some big company website or Barack Obama’s Twitter account.
But, I’m here to tell you that every day your website is under attack.
The problem is, you just don’t realise it.
Think your business is too small or not significant enough to be a target? Think again.
Your website has one very valuable commodity that every SEO worth their salt wants – your backlinks.
Did you ever wonder how all those Russian and Chinese porn sites get ranked so well (assuming you’ve searched for the keywords of course, ah hum)?
They hack into unsuspecting websites like yours and post hidden links all over the site. Unless you know where to look you’ll never find them. BUT Google does, and it will penalise your website for carrying them (costing you money through lower search engine rankings and higher PPC costs) and it will destroy your online reputation.
That’s only part of the problem. Most websites are going to be built on WordPress. In fact, the MAJORITY of websites are already built on WordPress, this one included!
Don’t get me wrong, we LOVE WordPress at ROARlocal, and we encourage all our clients to use it, BUT WordPress’s own popularity has also doomed it to be the target of numerous hacking efforts over the years.
With the latest version of WordPress having been downloaded well over sixty million times, WordPress-based sites present an opportunity for cyber criminals and distributors of PC threats. An inadequately-protected WordPress site can be used to host a variety of attacks, including redirects to malicious sites and drive-by-downloads.
However, we have come up with the following ways of closing the majority of WordPress’s obvious security holes, leaving your website less-than-ripe pickings for any would-be hacker.
So how can you make sure your WordPress website is hacker proof?
Here are 6 key steps to follow:
1. Always update WordPress to its latest stable version.
While this may seem like such common sense that it scarcely bears repeating, failing to update WordPress whenever stable updates are available is a fast track to sending your blog towards a hack attack.
Old versions of WordPress have been known to allow various types of extremely invasive attacks, such as the SQL injection exploit of June 6th 2007 that allowed hackers to gain access to entire databases’ worth of account user names and passwords. In this case, an entire month passed before the WordPress team remedied the situation with a security patch – and one can only imagine how further delay in installing that patch could open your site up to hacking efforts.
A 2007-era study concluded that all but a mere two percent of WordPress blogs were using outdated versions of WordPress and, therefore, vulnerable to a wide range of security attacks.
2. Set WordPress to avoid displaying its version number.
This goes hand-in-hand with keeping WordPress updated. Prevent potential hackers from knowing what version of WordPress you’re using, thus making it harder to figure out which exploits will work on your site. A simple addition to the functions.php file will remove the relevant hook that displays the WordPress version:
3. Set register_globals to register_globals=off.
This vulnerability is one that many WordPress users may take for granted since many sources at WordPress.org itself recommend that you leave it on by default. However, register_globals=on has a long and sordid history of being used to hack WordPress websites, including a series of January 2007 attacks that were used to force popular blogs to redirect to malicious sites.
Such redirects can send visitors to rogue security software, malicious domains and other types of PC threats. The malicious sites may in turn lead to rogue security software such as Windows Malware Firewall and Windows Antivirus Rampart. We note that the hacker responsible for the attacks in January characterized register_globals=on WordPress blogs as ‘easy targets.’
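Why the setting matters, as an added example that is not from the original article: with register_globals=on, every request parameter becomes a global variable, so any variable the code forgets to initialise can be set by the visitor. The directive was removed in PHP 5.4, so the sketch emulates it with extract(); the function names and the sample request are constructed for illustration.

```php
<?php
// Constructed sample: the parameters of a request such as ?authorized=1.
$request = array( 'authorized' => '1' );

// Legacy pattern. extract() stands in for register_globals=on, which copied
// every request parameter into a variable of the same name.
function check_access_legacy( array $request ) {
    extract( $request );                 // emulates register_globals=on
    // Defect: $authorized is never initialised by the code itself, so the
    // value supplied in the request decides the outcome.
    return ! empty( $authorized ) ? 'granted' : 'denied';
}

// Hardened pattern: initialise every variable and base the decision on
// server-side state only, never on a variable the request could create.
function check_access_hardened( array $request, $session_is_admin ) {
    $authorized = false;                 // explicit initialisation
    if ( true === $session_is_admin ) {
        $authorized = true;
    }
    return $authorized ? 'granted' : 'denied';
}

// Report the effective setting on this server. ini_get() returns false when
// the directive does not exist at all (PHP 5.4 and later).
function register_globals_status() {
    $flag = ini_get( 'register_globals' );
    if ( false === $flag ) {
        return 'not available in this PHP version';
    }
    return filter_var( $flag, FILTER_VALIDATE_BOOLEAN ) ? 'ON' : 'off';
}

echo 'legacy:   ', check_access_legacy( $request ), "\n";
echo 'hardened: ', check_access_hardened( $request, false ), "\n";
echo 'register_globals: ', register_globals_status(), "\n";
```

On a host that still runs a PHP version with the directive, the last line shows whether the php.ini change actually took effect for the web server process.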
4. Use smart advertisement-management plugins to protect AdSense and other exploitable ads on your site.
While ads can be a great source of revenue, they can also be exploited by various methods – such as hacking attacks that swap out your ‘real’ AdSense ads for irrelevant pharmaceutical ads, or clickbombing attacks that overload AdSense with a flood of clicks to shut your AdSense account down.
Selectively using security plugins like ‘Who Sees Ads’ or ‘Better WP Security’ to control your ad displays and ad-related settings can help to prevent such embarrassing incidents. However, you shouldn’t install plugins willy-nilly, either – some plugins, such as AdSense Integrator, have a history of enabling the very types of attacks that they’re supposed to protect against, which will send your potential ad revenue stream straight into criminal hands.
Finally, get your site monitored!
I use Sucuri to monitor all our sites. They check our sites every 4 hours for malware and if they detect anything they get rid of it! VERY nice. You can check them out here.
I’ve found them the best, and believe me, an ounce of prevention is worth thousands of pounds of cure!
I am WELL aware this is a very techy post but please don’t be put off by it.
This is important.
And as I said, we’re happy to take care of this for you. Just get in touch at RoarLocal.com.au