Unfortunately, website hacking has become a common occurrence. Within the past few months, hackers have penetrated websites of businesses and agencies as disparate as the Venezuelan army, the UK National Lottery, the Hungarian Human Rights Foundation, KFC, and Tesco Bank.
If you run an e-commerce site, you run the risk of hackers trying to steal your customer’s personal data to commit identity theft. You may think you’re not at risk because your site does not contain any sensitive data, but that is not a good assumption. Hackers are increasing breaching sites to get access to servers they can use to send spam or attract visitors to buy their products. For example, if you search Google for the phrase “buy meds online,” the top-ranked result is a link to a London-based speciality book publisher. It’s unlikely the company is selling pharmaceuticals, but it is almost certain that hackers have compromised the site.
While there are no measures that can provide 100% protection against hackers, you can take steps to discourage them and send them looking elsewhere for a target.
Keep your software and systems updated
It is essential that all software you use on your site is current. Outdated software is one of the easiest ways hackers can use to gain access to your site by using known flaws. If you have a dedicated server, also be sure you are using the latest version of its operating system.
If you use plug-ins from a third party, be sure you apply any updates or security patches as soon as they are available. Before you install any new plug-ins, do your research to ensure they are trustworthy. Promptly remove any outdated plug-ins from your server when you no longer use them.
Use strong passwords
Hackers often try to gain access to the administrative areas of a website by trying to guess various combinations of usernames and passwords – don’t make it easy for them. Always use a combination of lower and uppercase letters, numbers and special characters when you create passwords and be sure to change them frequently. As ridiculous as it sounds, many individuals and companies still use passwords that are easy to guess, including 123456, qwerty, abcdefg and password!
Do not use the same password for every administrative function, and change your passwords regularly. Always encrypt your passwords when you store them for further protection against hackers.
Limit file uploads
Use great care if you allow users to upload files to your site, as a hacker may use this function to upload an executable file to try to get access. Prevent users from direct access to any files they upload by storing them in a location separate from the root directory and changing the permissions associated with those files to prevent users from executing them.
Conduct penetration tests
There are both free and paid tools available that you can use to conduct penetration tests to simulate hacking attacks. Consider conducting penetration tests on a regular basis to see if your site has vulnerabilities that need correcting before potential hackers find them.
Slow page loading time can be a symptom of a hacked website, so consider using a website monitoring service to detect any performance degradation promptly. You can also use this type of service to alert you when content on a page unexpectedly changes.