As a webmaster, is there anything scarier than the thought of seeing all of your web developed work being altered or wiped out entirely by a nefarious hacker? You’ve worked hard on your website – so take the time to protect it by implementing basic hacking protections!
Keep your installed scripts, add-ons and systems up to date
One of the best things you can do to protect your website is to make sure any platforms or scripts you’ve installed are up-to-date. Because many of these tools are created as open-source software programs, their code is easily available – both to good-intentioned developers and malicious hackers. Hackers can pour over this code, looking for security loopholes that allow them to take control of your website by exploiting known platform and script weaknesses.
As an example, if you’re running a website built on WordPress, both your base WordPress installation and any third-party plugins you’ve installed may be vulnerable to these types of attacks. Making sure you always have the newest versions of your platform and scripts installed minimizes the risk that you’ll be hacked in this way – though this isn’t a “fail safe” way to protect your website.
Install security systems if possible
To enhance the security of your website once your platform and scripts are up-to-date, look into security plugins that actively prevent against hacking attempts. Wordpress and other content systems have lots of tools for this. These tools can address the weaknesses that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.
Lock down file and folder permissions
All websites can be boiled down to a series of files and folders that are stored on your web hosting account. Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write and execute any given file or folder, relative to the user they are or the group to whom they belong.
As you might expect, a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one that’s been locked down in order to reserve all rights for the owner alone. Of course, there are valid reasons to open up access to other groups of users, but these instances must be carefully thought out in order to avoid creating a security risk to your website.
For this reason, a good rule of thumb is to set your permissions as follows:
- Folders and directories = 755
- Individual files = 644
What to Look For in a Hacked Account
In all cases, we recommend resolution of your issue through some sort of professional service, whether this is done by our Security department or through SiteLock. However, if these options are not available, you may wish to consider removing files or directories which have been recently added and which you do not recognize as part of your site. Things to look for include:
- Strangely named files or directories (i.e: xf8c3l.php or /home/username/public_html/wellsfargo).
- PHP files located in image folders.
- Base64 or other encrypted injections inside of site files which can be removed using file editors.
