It’s every website owner’s biggest nightmare… you wake up one morning and your website is GONE. Not just gone, but replaced with a hacker’s message!
That’s just one of dozens of worst-case scenarios that can become reality when your website isn’t properly secured.
So what can you do to protect yourself? Below, guest superhero MJ Schrader of Media Guard Group shares the 5 Critical Steps You Must Take to Secure Your Website Today.
Guest Post by MJ Schrader, Media Guard Group
Security is a major part of my business, so it seems only natural that I share my top security tips with you. Don’t worry if you are a complete tech-newbie or technophobe. These tips are easy to use on any type of site and for anyone.
1) Use a secure password
Oh sure, password1 is easy to remember, and so is passw0rd2. However, if you are using a word that can be found in the dictionary (in any language), a hacker can get into your website in less than half an hour.
Use a password generator and password manager like LastPass.
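To see why passw0rd2 is no better than a plain dictionary word, here is a small check, added as an illustration and not part of MJ's original post. The word list is a tiny constructed sample, and the function names are made up for this example.

```python
import re
import secrets
import string

# Constructed sample wordlist (assumption): a real check would load a full
# dictionary plus a list of passwords seen in breaches.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein"}

# Character swaps that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def strip_affixes(text):
    """Drop digits and symbols added to the front or back of a word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def dictionary_match(password, words=SAMPLE_WORDS):
    """Return the dictionary word hiding inside a password, or None."""
    lowered = password.lower()
    candidates = [
        lowered,
        strip_affixes(lowered),                   # password1 -> password
        strip_affixes(lowered).translate(LEET),   # passw0rd2 -> password
        strip_affixes(lowered.translate(LEET)),   # 5unshine  -> sunshine
    ]
    for candidate in candidates:
        if candidate in words:
            return candidate
    return None


def generate_password(length=20):
    """Build a random password from letters, digits and symbols."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

A password that comes back with a match is one to replace; a generated one has no word underneath it to find.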
2) Check your comments
Yes, it is flattering to see comments. But some people use comments simply for a link back to their website. These will be comments like “Nice site” or “Great article.”
Other people use comments for keywords; they will write some long comment that seems only vaguely related to what you wrote. It uses a particular word or phrase repeatedly.
The final kind is the worst: some people use comments to insert malware. These are long and crazy comments. They will have multiple links and just not look right, or they will mention prescription drug names for male enhancement or X-rated sites.
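The three kinds of comment described above can be turned into a simple first-pass filter. This is an added example, not code from the original post or from any comment plugin; the phrase lists, thresholds and sample comments are all constructed assumptions.

```python
import re
from collections import Counter

LINK_RE = re.compile(r"https?://\S+", re.IGNORECASE)
CODE_RE = re.compile(r"<\s*(script|iframe|object|embed)\b|javascript:", re.IGNORECASE)
# Constructed lists and thresholds (assumptions); tune them for your own site.
GENERIC_PRAISE = {"nice site", "great article", "nice post", "great post"}
STOPWORDS = {"a", "an", "and", "are", "for", "in", "is", "it", "of", "on",
             "the", "this", "to", "was", "with", "you", "your"}
MAX_LINKS = 2
MAX_PHRASE_REPEATS = 2


def triage_comment(text, author_url=""):
    """Return the reasons a comment should be held for manual review."""
    flags = []
    links = LINK_RE.findall(text)
    words = re.findall(r"[a-z']+", LINK_RE.sub(" ", text.lower()))

    # Kind 1: generic praise whose only purpose is the link that comes with it.
    if " ".join(words) in GENERIC_PRAISE and (author_url or links):
        flags.append("link-back")

    # Kind 2: the same two-word phrase repeated over and over.
    phrases = Counter(
        pair for pair in zip(words, words[1:])
        if not (set(pair) & STOPWORDS)
    )
    if phrases and max(phrases.values()) > MAX_PHRASE_REPEATS:
        flags.append("keyword-stuffing")

    # Kind 3: a pile of links, or markup that has no business in a comment.
    if len(links) > MAX_LINKS or CODE_RE.search(text):
        flags.append("links-or-code")
    return flags


# Constructed sample comments, not taken from a real site.
SAMPLES = [
    ("Nice site!", "http://widgets.example"),
    ("Thanks, I finally set up an off-site backup after reading tip 4.", ""),
    ("Cheap insurance is hard to find, but cheap insurance quotes are easy "
     "to compare if you search for cheap insurance online.", ""),
    ('Deals <script src="http://a.example/x.js"></script> '
     "http://b.example http://c.example", ""),
]
```

Anything that comes back with a flag goes to the moderation queue; an empty list only means none of these three patterns matched.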
3) Update your website
If you are using a self-hosted format, you should be regularly updating your website. If this scares you, or you are worried about breaking your website, hire someone to do a monthly backup and update. Trust me, this cost is minor in comparison to losing all your work.
4) Backup your website
It doesn’t matter if you host your website or not, you should back it up regularly. If you have WordPress.com or Blogger, the last thing you want to do is visit your website and find they found your website objectionable and removed it! With a backup you or someone can restore it elsewhere.
If you are self-hosted, make certain you are backing up your website not just on your web server but somewhere else as well. This seems redundant, but if your web server goes out and you don’t have a backup elsewhere, your site may be completely gone.
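For a self-hosted site, the "somewhere else" copy is only useful if it is intact. The sketch below is an added example, not from the original post: it archives a site folder, copies the archive to a second location and confirms both copies match. The folder paths and function names are assumptions, and a database-driven site such as WordPress also needs a database dump placed in the folder before it is archived.

```python
import hashlib
import shutil
import tarfile
from pathlib import Path


def sha256_of(path):
    """Fingerprint a file so two copies can be compared."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_site(site_dir, local_dir, offsite_dir, name="site-backup.tar.gz"):
    """Archive site_dir, keep one copy locally and one in a second location."""
    site_dir, local_dir, offsite_dir = Path(site_dir), Path(local_dir), Path(offsite_dir)
    local_dir.mkdir(parents=True, exist_ok=True)
    offsite_dir.mkdir(parents=True, exist_ok=True)

    archive = local_dir / name
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname=site_dir.name)

    # Re-open the archive: a backup that cannot be read back is not a backup.
    with tarfile.open(archive, "r:gz") as tar:
        files = [member.name for member in tar.getmembers() if member.isfile()]
    if not files:
        raise RuntimeError("archive contains no files")

    # offsite_dir stands in for storage that is NOT on the web server
    # (assumption: a mounted external drive or synced folder).
    offsite_copy = offsite_dir / name
    shutil.copy2(archive, offsite_copy)
    fingerprint = sha256_of(archive)
    if sha256_of(offsite_copy) != fingerprint:
        raise RuntimeError("off-site copy does not match the local archive")

    return {"archive": archive, "offsite_copy": offsite_copy,
            "sha256": fingerprint, "files": len(files)}
```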
5) Limit access
Perhaps you have a virtual assistant or you have given others access to your website. Creating another user is extremely easy. Create another user for your virtual assistant or anyone else who needs access to your website. Then remove the user access when their access is no longer necessary.
While you may trust these people, viruses and malware can happen to them as well as you. Just like you wouldn’t give your house key to loads of friends, don’t give your website access to loads of friends.
No matter where you host it, or what format you use, these easy tips can help increase the security of your website. Of course, these are just a few tips. For maximum security, you will want someone who customizes a package to your business and website format. But even a few changes can help reduce your chances of being attacked by malware or hackers. Good luck!
After designing and securing websites for multi-million dollar companies, MJ Schrader founded Media Guard Group, helping business owners have a site that looks like a million dollars while being easy enough for them to maintain.
If you are ready for a new website or ready to get your website secured, Media Guard Group can help. Please visit our website today http://MediaGuardGroup.com
Linda Ursin says
Nice to see I’m doing what I need to do, and more. The reason being that I run my server on a FreeBSD jail, so I have full control. The web user has read-only access to the files, I’ve replaced the admin account, I take regular backups, keep my WPMU updated, and I’m running Wordfence on top of that. I limit comments using Akismet in combination with GASP, and I moderate the first comment anyone makes.
Would the first letters of the words and the special characters in the two first sentences from a Swedish children’s song count as a good password? I’m pretty sure they can’t guess which one.
I’m an old Computer support and maintenance pro, so that might explain my attention to details when it comes to this :)
I hope this makes people take action securing their sites
Michelle Shaeffer says
That sounds pretty secure to me, Linda! :)
Yeah, I’ve taken a few more precautions on my server too, to lock it down. It’s definitely a big advantage to be familiar with the technology behind things.
Denys Kelley says
Check on all five of these tips! whew!
Perfect timing after the global hackers on WordPress: sometimes all it takes is a wake-up call. And I would rather be safe than sorry.
Michelle Shaeffer says
Awesome! Glad you passed all five, Denys. :)
I think the crazy number of hackings really did wake some people up, which is good. Security is important.
Kebba Buckley Button says
Michelle (and MJ), I’m visiting from the UBC. What a great post and great points. Thanks! I’m relieved, in reading your list, to see I’m doing all but one of those things. I have several WordPress blogs, and I don’t know how to back those up (although I have excellent drafts of each of the posts, together with the photos). I once wrote about a friend being m*rdered, and my blog went down because of that word. Horrible. And the post was really clean and positive, not dark or anything that a real reader would have removed it for. Clearly a machine scanning choice.
Would you like to do a followup blog on how to back up your blog? Or maybe you’ve already done that? Yes, I know I could migrate the blog to self-hosted, but I’m not ready; don’t feel up to it right now. Suggestions? Thanks!
Tony says
Hi Kebba,
I’m exactly the same, I would like to know how on earth you back up your blog.
I too am on WordPress, if that helps.
Kind Regards
Tony
Adrian Lee says
Backups are easy: use a plugin that backs up your database and emails it to your email account.
Michelle Shaeffer says
Hi Tony, if you’re on self-hosted wordpress you might check out the Backup to Dropbox plugin – http://wordpress.org/extend/plugins/wordpress-backup-to-dropbox/ Or Backup Buddy is a really nice premium option.
Michelle Shaeffer says
Hi Kebba, since you’re on wordpress.com, the best option I know of for a backup would be to do an export file under the “tools” option. That would give you a backup of your posts/pages/attachments, I believe.
tony says
Hi,
As I’m on WordPress, but not self-hosted, I too have attempted the backup procedure using export tools as suggested. However, it comes up with the following error.
“This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed create an association in the Default Programs control panel”
Please can you advise as to what to do next, eg. Which program do I need to read XML files?
Kind Regards
Tony
Michelle Shaeffer says
Hi Tony, that’d be a great question for your host, since every server setup is a little different. :)
Or, if you’re wanting to open an xml export file on your computer, you can use a text program like Notepad++ but it’s not really “human readable” format so it may look a bit funny with the code and data mixed up.
Jan Kearney says
All great points and very close to home with the current WordPress issues.
Michelle Shaeffer says
Hey Jan, thanks for stopping by and commenting. It is a hot topic right now, and hopefully all the chatter raises awareness so more bloggers can get secured. :)
MamaRed says
Thanks sooooooooo much for doing this Michelle..I sent a last minute post out last night to my list shouting to them to do this (and included your video link for installing WP Security). I had done most of these, although not Limit Logins. After a few challenges with bits that shut off my site I have that as close to “all green” as I can get it at the moment!
Many blessings, MamaRed
Michelle Shaeffer says
Your list is lucky to have you, MamaRed. If it takes shouting to get people to be secure then I say we shout — LOUD! ;)
And thank you for sharing my video, I appreciate that. :)
Sherie says
Michelle, really appreciate the heads up! I have gotten a bit lax about backing up my site, going to head off and do that now…
Michelle Shaeffer says
Hey Sherie, glad to hear that – go be safe! ;)
Adalia John says
I take maintenance and the security of my WordPress sites seriously. And have done a pretty job since I’ve been on the internet.
The one time I put my security at risk, I had a major problem.
I was building a new website using WordPress and allowed someone to access my admin to assist me with a few tasks. (I had never used his services before.)
I always changed my password after giving access to someone; this time I didn’t. As I closed my eyes that morning, my inner voice said “change your password.” I didn’t.
Just for fun, this person shut me out of my own site and added pornography. I won’t bore you with the details of the time and energy spent to fix this problem, even with the help of my hosting company. Long story short, I took down the site (it was new) and started from scratch.
Caution – Be careful who you allow to access your admin. Don’t allow price to influence your decision, and always change your passwords, unless it’s someone you’ve been working with for a while.
Good luck, trust your intuition and keep your sites safe.
Michelle Shaeffer says
Wow, that’s awful, Adalia! :( I’m so sorry you had to deal with that. It IS tough to know who to trust to help us with our websites. Thank you for sharing this to warn others and demonstrate just how important it is to be careful who we give admin access to, and how quickly we secure access again when helpers are done with their work.
Kimberly, The Fur Mom says
Just shared these great tips in several groups. Thank you. I never considered that those strange comments were malware.
Rose Kirkland says
Great article with great suggestions…
Michelle Shaeffer says
Hey Rose, thanks for stopping by. :)
Frank Woodman says
It’s important that everyone that has a site do all they can to keep it safe and sound for their site’s visitors. But so many just don’t realize how vulnerable sites are to hacking.
Thanks for providing some basic steps that everyone should be doing.
Debbie Seiling says
Dear Michelle,
When we read our comments, what are we supposed to do if we suspect something isn’t exactly right? Thanks, Debbie Seiling
Michelle Shaeffer says
Hey Debbie, great question. If I feel like a comment is spammy (it’s obvious they didn’t read the post) and/or the link is strange, I just delete it or mark it as spam. If I get the feeling it’s actually malicious (I see code in the comment, lots of weird links, etc) then I’ll mark it as spam so no future comments get approved from the person/robot.