These days, you’d be hard-pressed to find a website that hasn’t been targeted by hackers. Whether they aimed to infiltrate the site through old software or plugins, or by using a brute force attack, there’s no doubt that some attempt was made to get under the hood.
And now, it’s more obvious than ever that our web security is at risk. In recent news, it was revealed that an easy-to-search database of more than 1.4 billion password credentials has been leaked and made available in a number of dark web communities. The information available on these communities includes passwords that can be used to automate the search for admin-level server and CMS access to websites, regardless of the platform. Several instances of hacking in recent weeks have proven that it doesn’t matter what framework your site is using – whether it’s WordPress, Joomla, PHP, or static HTML, if you’re not using a strong password you are putting yourself at risk.
It comes as no surprise that, with this information at their fingertips, brute force hacking attempts are now all the rage. By using an automated bot, hackers can make hundreds, if not thousands, of attempts to guess your password in a matter of minutes. These bots use random combinations of letters, numbers, and special characters until they find one that works. Once they infiltrate your site, they inject their virus. This can be anything from an unwanted cookie to hidden pages in your site.
What Happens if You’ve Been Hacked?
Lucky for us, Google is to the rescue once again. Their Webmaster Help blog released a timely and effective tutorial on how to fix a hacked WordPress installation (WordPress being the most common and widely used content management system). It covers several common hacking types and offers practical advice for reversing the damage.
To comprehensively assess and repair the damage, you should also review your website’s database and identify any new users with admin-level permissions. After all, if you completely clean the current infection but leave the hacker’s door wide open to re-enter your site, what good have you really done?
Another helpful tool to carry around in your bag of tricks is the User Agent Switcher. This is a Chrome browser extension that allows you to view your site through the eyes of a Google bot. If, when checking through your website’s pages, you come across some spammy content that isn’t supposed to be there, you know there is still a problem to be solved. This is also a fast and easy way to check over your site and make sure everything is in tip-top shape when it comes to the quality and appearance of your content.
How Can I Protect Myself from Hackers?
For starters, make your password a real thinker. Use a random mix of numbers, letters, and special characters and try to make it anywhere from 8-14 characters long. Obviously, that won’t make it an easy password to remember. Rather than storing it in your browser or in an easy-to-access file, consider using a secure password storage service like LastPass (this is the one we use). This is a rule you should follow for not only your admin password, but all passwords related to your site – and, in all honesty, any other important logins (like your online banking, student loans, car loan, etc… I’m sure you get the gist).
Also, if your website is on WordPress, consider installing a security plugin like Wordfence. This comes in especially handy when it comes to brute force attacks. For instance, you can set the plugin to block a certain IP after it has attempted to log in to your site a set number of times. You should also be making regular backups of your website’s files via FTP and have saved copies of your site’s database in a secure location. That way, if your site is hacked, you can quickly replace it with a clean, unscathed copy and your work is done.
Overall, if you use common sense, and make a few smart moves along the way, hackers will have a hard time finding their way into your site. Most of these people have a short attention span and will quickly move on to an easier target. Stay savvy, Tampa Bay!