Minimise the chance of your website being compromised

Yesterday I discussed what to do if your website gets hacked, but it’s just as necessary to minimise the chances of it happening in the first place. Fortunately there are a lot of things you can do with most content management systems, and they’re well worth the time and/or financial investment involved.

The most obvious is making it difficult to get into the system. Don’t use obvious user names (like ‘admin’) and – of course – have decent, long passwords. A 20-character phrase (even in plain English) is much better than an 8-character collection of letters, numbers and symbols, whatever the system’s password rules imply when you first set one up. And if there’s a two-factor authentication system available, use it. Also, review the user list: many sites still have access open to people who left years ago, or who once came in to help.
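
The user-list review described above can be scripted against an export of your site's accounts. This is an added example, not the author's own tooling; the CSV column names, the sample rows, the list of obvious names and the 365-day threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export. The column names are assumptions for this
# example, not the export format of any particular content management system.
SAMPLE_EXPORT = """username,role,last_login,two_factor
admin,administrator,2024-05-30,no
jane.editor,editor,2024-05-28,yes
old.contractor,administrator,2019-03-11,no
webmaster,author,,no
"""

# Illustrative list of guessable account names; extend it for your own site.
OBVIOUS_NAMES = {"admin", "administrator", "root", "webmaster", "test", "user"}


def audit_users(export_text, today, stale_after_days=365):
    """Return {username: [issues]} for every account that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        name = row["username"].strip()
        if name.lower() in OBVIOUS_NAMES:
            issues.append("obvious username")
        last_login = row["last_login"].strip()
        if not last_login:
            # An account nobody has ever used is still a way in.
            issues.append("never logged in")
        elif (today - date.fromisoformat(last_login)).days > stale_after_days:
            issues.append("stale account")
        if row["two_factor"].strip().lower() != "yes":
            issues.append("no two-factor")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_users(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{user}: {', '.join(issues)}")
```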

Investigate how attacks are made on websites and how you might protect against them. As mentioned, I use Wordfence on my WordPress sites, but there are many good products out there. Keep your content management system updated: many of our sites will be tested by malicious bots dozens of times a day, so the speed with which you apply vulnerability patches is critical. And perhaps most important of all, check that your site is getting regular, frequent backups. In an emergency, this will enable you to wipe the problematic site and ‘roll back’ to a state before it was compromised.