Eight Things I Learned When My Web Site Got Hacked
January 4th, 2010 | General

When you’re a vocal advocate of regular blog posts, the last thing you should do is take an unannounced three-week break. Yet that’s exactly what I did during the last half of December.
No, I wasn’t just enjoying Christmas vacation. My web site got hacked, repeatedly, and while a coder and I were able to remove the malicious code within moments of it appearing, the situation has caused me no end of stress.
It’s also made me rethink web site security. I used to be rather blasé about it, thinking WordPress and my hosting company would protect my data. But when someone from Russia gains access to a web site you’ve spent hundreds of hours building, your priorities shift dramatically.
Here’s the scary part: I’ve talked to nearly a dozen experts, and no one can pinpoint exactly how the hacker got in. So while I’ve strengthened security, there’s no 100-percent guarantee that a hack won’t happen again. But what I’ve learned over the past three weeks may help you avoid a similar attack.
How To Protect Your Site From Hackers
Back up regularly. For many people, backing up their web site is like flossing – they know they should do it, but they never get around to it. But taking five minutes to back up your site, even once a week, could save you countless hours of frustration. WordPress has some plug-ins to make this easier, and for a small monthly fee, some places will even do it for you.
Do your research. Before downloading a plug-in or other addition to your site, do some research to make sure you’re not introducing security threats to your site. Some plug-ins provide a back door for hackers to enter.
Check your site. Don’t wait for someone to tell you that your web site is down. The very last thing you want, especially if you’ve spent any time on SEO, is for Google to spot the malicious code before you do and flag it in its search results. That’s why it’s important to open your site on a daily basis and make sure it loads correctly. You can also search for hidden links and other suspicious code by right-clicking the page, then choosing “View Page Source.”
Always update. If you use WordPress like I do, you’ve probably seen those little bars across your dashboard that let you know when an update has been released. Don’t wait to update. The new version may fix critical security flaws that have been uncovered since the last release. (This goes for plug-ins, too.)
Change your passwords – and make ‘em good. Ever wonder why the experts suggest passwords with random letters, numbers and special characters? It’s because hackers can use a “dictionary attack” to guess your password from an exhaustive list of possibilities. It’s also important to change your password regularly, because you never know when and how it may be harvested for later use.
Have someone you can call. When you discover malicious code on your web site at 8 p.m. on a Tuesday night, you better have someone to call. For me, it was a freelance PHP coder I met at a local New Tech Meetup. He got right to work, and I was able to sleep that night.
99.9% of people rock. The night I noticed my web site was hacked, I had a minor meltdown on Twitter. (Not recommended.) My followers quickly came to my rescue, offering help and support. A few coding experts even checked out my site and gave me their advice. It made me realize that while there are a few scumbags out there, the vast majority of people are really, really nice – even to crazy women blathering about hackers in CAPS LOCK.
An ounce of prevention is worth a pound of cure. I’m no expert, so if you have any questions, contact a coder you trust and get a web security consultation. It may cost you a few hundred dollars, especially if changes need to be made, but it will provide an extra layer of protection against hacker attacks.
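
The manual "View Page Source" check from the "Check your site" tip can also be scripted. The Python below is an added example, not part of the original post: it parses a saved copy of a page and lists off-site links hidden by CSS, hidden or tiny off-site iframes, and scripts loaded from hosts you have not approved. The host names, the scan function and the hiding heuristics are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING = ("display:none", "visibility:hidden", "left:-", "text-indent:-")  # heuristics
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class InjectionScanner(HTMLParser):
    """Flags markup worth a manual look; a finding is a lead, not proof of compromise."""
    def __init__(self, own_host, allowed=()):
        super().__init__()
        self.trusted = {own_host.lower(), *(h.lower() for h in allowed)}
        self.stack = []      # (tag, hidden) per open element; hidden is inherited
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = (bool(self.stack) and self.stack[-1][1]) or any(h in style for h in HIDING)
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        url = a.get("href") if tag == "a" else a.get("src")
        host = urlparse(url or "").netloc.lower()
        external = bool(host) and not any(host == t or host.endswith("." + t) for t in self.trusted)
        if external and tag == "a" and hidden:
            self.findings.append(("hidden-link", url))
        elif external and tag == "iframe" and (hidden or tiny):
            self.findings.append(("hidden-iframe", url))
        elif external and tag == "script":
            self.findings.append(("external-script", url))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):   # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html, own_host, allowed=()):
    parser = InjectionScanner(own_host, allowed)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample of a tampered page; every host name here is made up.
SAMPLE = """<body><a href="/about">About</a> <a href="http://partner.example.org/">Partner</a>
<div style="display: none"><p><a href="http://pills.example.net/buy">pills</a></p></div>
<iframe src="http://bad.example.net/x" width="1" height="1"></iframe>
<script src="http://www.myblog.example/wp-includes/js/jquery.js"></script>
<script src="http://cdn.example.net/c.js"></script></body>"""
```

Legitimate themes and plug-ins also hide elements and load off-site scripts, so treat each finding as a line of the page source to inspect and pass known-good hosts in allowed.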

Kelly Watson is one woman on a mission to show the world that marketing your small business doesn't have to suck.
Tom Mahoney says:
Sage advice for sure! If the WordPress updates would actually work, it would really help!
Next TM meeting, can you bring that PHP coder's info? I could use it for a few small projects.
January 4th, 2010 at 7:46 pm