CAN’T SAY IT ENOUGH. No one is immune to having their website hacked. It doesn’t matter if you are a small business with 10 employees or a huge business with 10,000 employees. This was proven again this past Wednesday, when the Microsoft site digitalconstitution.com was found to contain numerous spam pages and links. The site, according to ZDNet, was running an older version of WordPress, which made it susceptible to the attack. This should also serve as a sobering reminder to all of us.
What difference does it make if your site is hacked?
We recently signed a new client. She was in a panic and forwarded me the email her firm received from their hosting company: “We received multiple reports of malicious/hacker activity on your account. At this time your hosting account has been compromised and we have been forced to deactivate your services.” Unfortunately her website wasn’t protected from such an attack and her webmaster didn’t know how to fix it. In the meantime, their site was down. To add even more insult to injury, now that her hosting company suspended her account – her emails weren’t being sent or received either.
If your website’s IP address has been blacklisted by a spam database like the Spamhaus Project, then your reputation has also been harmed. This means that emails that originate from your website will likely not be delivered to the recipient, and you may not even know it.
Although you can’t prevent all attacks (simply ask Sony), there are things that you can do proactively to minimize the potential of being hacked and the resulting cost and loss of business.
When your website has suffered a security breach, recovering from the attack leaves you with 3 main goals to focus on:
1) Remove the exploited software, malicious scripts and code injections.
2) Isolate the point of entry the hacker used to exploit the site and patch the vulnerabilities in your software.
3) Deploy a system that will help you proactively prevent future attacks.
Be sure to back up your site before updating so you don’t lose important files. The damage a hacker does could hurt your reputation for a long time (and it could resurface at an even later date), spam your emails, and cost you sales or new clients, and the cost to fix it could exceed the budgets of some small firms.
This should serve as a sobering reminder to all of us.
> Update your software
> Update your WordPress Plugins and Themes
> Remove unused Plugins and Themes
> Install security software
> Use strong passwords for your hosting account, your FTP, your WordPress login – anywhere you access your web or domain account.
> Work with internet providers and website professionals that understand this importance and take steps to keep your site safe.
> Stay informed of any changes to your site.
Note: If you are a legal or medical professional your governing agencies require that you keep copies of everything you have posted online for up to seven years. You are ultimately liable for what is seen by others.
Be proactive – be informed.