You've been hacked!

You’ve been hacked!

You’ve … been … hacked!

They strike fear into your heart & the clock ticks as you desperately try to contact your website designer or host. Of course, that’s only once you realise you’ve been hacked!
In the meantime, how many leads are you losing as searchers (potential clients) see the hacked notice & quickly go to your competition?
Recently I met with a new client. They had been in business for 12 months. Right from the outset they knew they needed a website. They didn’t know where to start & contracted a website company to build a small website as part of a package.
There are lots of these around… I’m sure you’ve seen them…

Only $499 for a Complete Website

For only a small investment, your business can have a modern and functional web site.
Simply choose from a huge number of designs, which are customisable to suit your business.

Launch Your Site Within 3 Days

Why wait? Get your new website up and running within just 3 business days!

Sounds great, doesn’t it? These packages are aimed at the business owner who doesn’t know enough about the web to know what questions to ask.
One of my favorite quotes is

“You don’t know what you don’t know until you know you don’t know it”

This particular client came to me because her site had been hacked & the company who built it was a no show – they simply wouldn’t return her calls. Meanwhile with a hacked website she was out of business. We couldn’t recover the site because she had no way of getting access to her hosting or any back-ups so we had to start from the word go & build her a whole new site from the ground up.

Many new business owners are attracted by the words CHEAP or FREE but in today’s business world, nothing comes for free – there is always a price to pay! Whether it’s lack of security through a cheap hosting solution or an el-cheapo web development company who offers you the world then is unavailable when you need them or, worse still, disappears once you pay them your good money!

I have to be totally honest here, all websites are vulnerable to hacking! One of my favorite website platforms, WordPress, is particularly prone because it is open source, which means the code is accessible to anyone with the know-how & the will to hack the code but, the good news is, there are a number of things you can do to secure your WordPress site.

Here are some simple tips to save you loss of business & heart ache caused by hacking.

  1. USER NAME: Don’t use the default ‘admin’ as your user name. This is a hacker’s first port of call – if you use ‘admin’ they only have to crack your password to get into your site. Other user names which they will try are your domain name & your own name. Try names with a mix of capitals, lowercase, numbers & symbols.
  2. PASSWORD: Choose a word that is hard to guess & don’t use a word straight out of the dictionary. The easy way to do this & remember it is to choose a passphrase, modify it, then apply it to any site. For example (don’t use this example, make up your own), say you choose “donkey” as your passphrase. Let’s modify that to have a symbol and a number, so that it will be “&d0nK3y”. This makes your password immune to so-called dictionary attacks – no-one will figure out your password by entering random words from the dictionary.
  3. HAVE BACK-UPS: The simplest thing to do if you are hacked is to load a clean backup of your site. I love the WordPress plug-in Duplicator for this. Duplicator is designed primarily for moving your site but I like it because I can take regular backups. It gives you 2 files, an archive file & a .php install file. Download these dated files & store them in a safe place. If you are hacked, simply delete your website using FTP (I find it’s really quick to do this through the file manager in your cPanel), upload the 2 files & run the install. In no time your site will be back online! Of course this isn’t the only solution but it is an easy fix for site owners who are not confident with servers & code, & a bit panicked to boot! & yes, it does mean your site is down while you are restoring it, but let’s face it, your site is down after being hacked anyway!
  4. USE A SECURITY PLUG-IN: I have 2 favourite free security plug-ins – Wordfence & All In One WP Security & Firewall. I find Wordfence is easy to set up & you can configure how many times a user can try to incorrectly log in before being locked out for a nominal period of time. You can have emails sent to you when a user is locked out & then block their IP addresses. All In One has the same abilities. You can also change the default wp-admin URL & have a captcha sum on the log-in window. Of course there are many more security options in both plug-ins & you can upgrade to premium versions but for basic security, setting these few things up will go a long way to securing your site.
  5. GET YOURSELF A SECURITY (SSL) CERTIFICATE: I use Let’s Encrypt, which good hosts now offer as part of their hosting plans. Look in your cPanel to see if it is part of yours. Unless your site is brand spanking new, when you have installed your certificate be sure to use the Really Simple SSL WordPress plug-in to make sure you don’t lose any Google juice (by the end of 2017 Google will flag non-secure sites. As of writing (Nov 2017) this means 2/3 of the internet will be flagged as unsafe!). If you don’t have it as part of your hosting you will need to purchase one.