WordPress Security

I’m a pretty big stickler about updates. Update your software, do it often – it’s my number one hacking prevention tip. At least once a week I log in and run updates for my own sites, as well as clients on our support packages. Sometimes more than once a week even. I’m regularly running updates because I know they are super important.

On February 1st, an update to WordPress was announced. It was a security patch taking users from WordPress 4.7.1 to 4.7.2. A few days later I ran all the updates for my sites and client sites, but I was too late. A number had already been hit with this particular content injection. Luckily, this particular hack didn’t load any malware or ruin sites completely, just posted a blog post or two that said “You’re hacked!” and was pretty easy to clean up. (Restore from backup, run software update.)

But of course, it’s embarrassing to find this on your site, even if it is a simple cleanup.

There is no such thing as 100% hack-proof.

I have people come to me after they’ve been hacked, and they ask me to make it so it never happens again. I can’t promise never. The nature of working on the Internet is that sometimes things can sneak in. Instead, we work at prevention. We take steps to make sure sites are secure in as many ways as possible.

How to reduce your chances of being hacked

  • Use strong passwords. Seriously, do not use your kids’ names, your dog’s name, or your birthdate. My friends know if they mention passwords to me they’ll get a 15-minute lecture on password security. And for goodness sake, stop using the same password for every account you have. (And your online bank account should be HELLA secure and never used in any other place!)
  • Run updates. Run them often. I run updates at least once or twice a week, and one still snuck by me. It happens. But imagine how bad it could be if updates had never been run? It would be bad. Updates come out for a reason.
  • Configure your site securely. Don’t give access to anyone who doesn’t need it, and use a security plugin like iThemes Security or Wordfence. You can configure these so you know the minute someone tries to break into your site.

I could go on with security tips all day, but those are my top three that are easy for almost anyone to implement.

The only way to have a 100% hack-free website is to not have a website.

And since for many of us, not having a website is not an option, the best thing we can do is take steps to prevent a problem in the first place. Even if you don’t get much traffic. Even if you think “nobody would want to hack my site.”

Risk is never zero, so take steps to reduce the chances.

Amy Masson

Amy is the co-owner, developer, and website strategist for Sumy Designs. She's been making websites with WordPress since 2006 and is passionate about making sure websites are as functional as they are beautiful.
