So you’ve got a great website up and running that you can manage and update for yourself. It’s very empowering being able to edit your website without having to go back to the web developer every time isn’t it? But what would you do if your website got hacked and you were locked out of your website?
This blog looks at what can happen when a hacker gets into your website and how you can set a really secure password to keep the bad guys out.
What do hackers get from taking over my website?
If you think that a hacker would have no interest in getting into a website that has low volumes of visitors, you’re very much mistaken. Even sites that get a few visits a day are valuable to a hacker. Here are a few of the things a hacker may choose to do with your website.
- Spamvertising – your hacked site could be used to send out thousands upon thousands of spam emails a day. Fairly soon your site’s domain and email addresses will be blacklisted, but by then the hacker will have moved onto a different site. If you are on shared hosting, every other website on the shared server will probably get blacklisted too.
- Host Malware & Viruses – your site could be the host for some malware that installs onto the computers of your site visitors. This malware could then phish for passwords and card details of your customers. The site could also be used as a springboard for viruses to get onto your visitors’ computers, potentially rendering their computers useless.
- Anonymous Computing – your web server could be used to perform complex operations such as mining financial transactions of innocent web users. The hacker remains anonymous in this process – it’s happening on your web server!
How do I stay protected?
Most user-editable websites have some form of online log-in that needs a username and password to let you into the editing ‘backend’. We spoke to our friend Simon at Wayfresh, a leading web development agency in the North East, UK, about how to keep a website secure with a strong password. Here’s what he recommended.
- Don’t use any password that is related to what you do. Your password needs to be completely guess proof. So, if you’re an online bike shop don’t be so obvious as to use something like cycle123 as your password.
- Your password needs to be memorable (though most systems have a reset password link, just in case you do forget).
- Use a mix of uppercase and lowercase letters.
- Add a few punctuation marks or symbols such as &, ! or ?
- Try using a few common but unrelated words to make up your password, e.g. Far, From, Fright and Fear. When turned into a password that would be Far from Fright & fear – you can see that combination has a mix of uppercase and lowercase letters, has a symbol in it and is fairly easy to remember.
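For anyone who builds or maintains the log-in page, the recommendations above can be turned into a check that runs when a password is set. This is an added example, not code from Wayfresh or from this blog; the function names, the look-alike character map, the list of business terms and the "at least three words" threshold are all assumptions made for illustration.

```python
import re

# Undo common look-alike substitutions (1 for i, 3 for e, ...) before matching.
# Assumption: a small illustrative map, not an exhaustive one.
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")
MIN_WORDS = 3  # assumption: "a few" words is read as at least three


def normalise(text):
    """Lowercase, undo look-alike characters and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def check_password(password, business_terms):
    """Return the recommendations a password fails; an empty list means it passes."""
    problems = []
    flat = normalise(password)

    # Nothing related to what you do, even when disguised as "B1k3".
    for term in business_terms:
        stem = normalise(term)
        if len(stem) >= 3 and stem in flat:
            problems.append(f"related to what you do: contains '{term}'")

    # A mix of uppercase and lowercase letters.
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both uppercase and lowercase letters")

    # At least one punctuation mark or symbol such as &, ! or ?
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("needs a punctuation mark or symbol")

    # Several words, counted as runs of three or more letters.
    if len(re.findall(r"[A-Za-z]{3,}", password)) < MIN_WORDS:
        problems.append(f"needs at least {MIN_WORDS} words")

    return problems


if __name__ == "__main__":
    # Constructed sample: an online bike shop, as in the list above.
    bike_shop = ["cycle", "cycling", "bike"]
    for candidate in ["cycle123", "B1k3 Shed & Rainy Tuesday", "Far from Fright & fear"]:
        print(repr(candidate), "->", check_password(candidate, bike_shop) or "OK")
```

Whether two words are truly unrelated to each other is a judgement the check cannot make, so it only looks at how many words there are and whether any of them point back to the business.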
What do I do if I suspect my site has been hacked?
If you notice anything odd about your website, like content you didn’t put up or if you are unable to log into the site even though you haven’t changed your password, contact your web developer straight away.
Be wary of emails that ask you to confirm your website log-in credentials – just as you would be wary of phishing emails that claim to be from your bank. Never supply your log-in details to anyone – even if the email tells you that your site has been hacked or is entitled to a free SEO audit. If in any doubt at all, do not respond to the emails – contact your web developer by phone instead.
In the event that your site has been hacked your web developer should be able to assist you in getting back in control of your website and removing any malware that has been installed.