Getting Hacked

June 10, 2013

Unfortunately getting a hacked website can happen to anyone. It doesn’t matter if you are a big business or a small one, it can happen to you. Don’t take it personal, it is nothing against you. Most of the time humans aren’t even doing the hacking, it is computers or bots. They randomly search through the internet looking for weaknesses in peoples websites. There are many different ways hackers get in and there are many things they can do to your site. I will list a few of the major ones and provide a few solutions.

1. Brute force – This is done when a hacker (computer) goes to a site and tries varying combinations of passwords and usernames to access a website. They can do this for hours. This is one of the reasons passwords and usernames and so important. They start off with the most common of both. They randomly go through the internet trying to access sites.

Tips to prevent this:

DO not use ADMIN as your username. This is the first one that they try.

DO not use the most common passwords. (Click here for the list) Make it complicated, use numbers, letters, and characters.

If using a content management system like joomla or wordpress install plugins that prevent hackers from too many attempts. Limit logins, wp-security, wordfence all block hackers after a set number of failed attempts.

2. SQL Injection – This type pf hacking is done through someone accessing the database for your website and injecting code that makes your website do things that it would not usually do.

Tips to prevent:

Keep your files, programs, and plugins up to date!

There are also plugins that can monitor files, and coding that can be done to your .htaccess file to prevent this from happening.

Things to watch out for:

Outdated programs.

Themes that are not updated often

Too Many Plugins

3. Hacking into the host – Sometimes it has nothing to do with your site at all but your host. Hosts need to make sure that they keep their security measures up to date. If someone hacks into the host through another website they potentially can access your site too. If you have a good host then this is less likely to happen.

4. From your local computer – Those virus and malware scans are important for a few reasons. They protect your computer, but they can protect your site too. If you accidently infect your computer you can transfer that malware to your site. This can be very difficult because you can keep removing the code from your site, but if you do not realize it is on your computer and you can keep reinfecting your website.

How to tell if your site is infected:

Google webmaster tools – If you have google web mastertools installed and you should…you will be emailed if anything suspicious is detected. You can also check it periodically.

Sitecheck  – This is an online program in which you enter your web address and it scans your site for anything unusual.

Google now also has a website with some basic instructions of what to do if your site is hacked. Read about Google’s recommendations.

 

If you just don’t know where to start, give me a call and I am happy to give your site a free evaluation.

Posted in Security, Web Design, Web Development, Wordpress