As the cyber crime nightmare continues to be real each new day, it is time every website owner took some precautionary measures in safeguarding his or her website from theft or Hijack. Let us look at some simple and yet effective steps, one can take to safeguard his or her website from hackers.
Strong admin passwords
Believe it or not, there are so many websites that are hacked by what I would call amateur hackers. These are hackers that do not have sophisticated methods of hacking websites. They just look around for users that have weak passwords. If your wordpress powered website was www.yourblogname.com then having a password that has “yourblogname” as part of the password is a really bad idea. Try to keep the password secure by using words/phrases that are not related to your domain name and you will be much safer.
Change default directory structures
One of the greatest weaknesses in Content Management Systems (CMSs’) is their obvious directory structure. For instance, if you are using WordPress or Joomla for creating your blog, the hacker already knows the directory structure of your website. This is because the CMS’s generally have a predefined structure. The hacker will typically be interested in the admin folder and all he needs to access it, is type administrator after your URL for Joomla or wp-admin, for your WordPress blog. Luckily, you can overcome this limitation by either changing the directory structure, or by renaming the admin folder.
Change path to admin folder
If you are not a techie, changing the directory structure as suggested in point 2 above may not be an option for you. The safest solution would be to use a third party plugin that hides the path to the admin folder. I have used such plugins in most of my Joomla websites and the results are really cool. For instance, instead of entering www.mydomain.com/administrator to get to the backend of my joomla website, the plugin will change the path to something like www.mydomain.com?new=path . This way, a hacker will have no way of guessing the path to my admin folder. Whatever CMS you are using, you will get good lots of free plugins that can achieve this easily.
Check the Folder permissions
The folder permissions in Cpanel should not grant unauthorized users write privileges. As a rule of thumb, Files should have the permissions set to 644 and all folders should have the permissions set to 755. There might be instances when you need to reset these permissions to help you work on something on the website, but make sure to return them to the defaults as soon as you are done. You may want to login to your Cpanel, just to ensure that the proper file and folder permissions are being used and if not edit them accordingly.
One of the most common mistakes WordPress users make is allowing new users to register as admins. Any hacker can use this simple loophole to hijack your website. If you need user registration on your blog, make sure new users are set to register as subscribers then you can add the admins manually. Take care not to install plugins that might have some hidden scripts that reset these settings.
Strong Cpanel passwords
Having strong website admin passwords is not sufficient- you need strong Cpanel passwords as well. The Cpanel is the motherboard for your website. This is where the website can be brought down, deleted or completely hijacked. You should take measures like not sharing the passwords via SMS, or on printouts to avoid losing it to malicious people. Changing the password frequently is also recommended.
Keep your website updated
If your website is running on a CMS like WordPress of Joomla, make sure it is running on the most current stable version of the CMS. The developers of these CMS often realize some security loopholes and release patches. Never ignore the notification on your dashboard telling you there is a newer version of your CMS. You should also update the plugins you have installed on your website whenever such updates are available.
Don’t use plugins from untrusted sources
As a rule of thumb, only trust plugins that have been endorsed by the online community of the CMS you are using. Look for plugins that have 5 star ratings or at least 3.5 and above. Never install a plugin before checking the feedback from the other users. This will help safeguard you from installing plugins that have too many negative reviews from other users.
Don’t save passwords in the browser
When you save your passwords in your browser, anyone that has access to the computer can login to you admin area and take control of your website. In addition, there are more sophisticated ways of retrieving saved passwords in the browser. Hackers could create a script that will run on your browser, when you click a link concealed in an email. This program will then harvest your stored data and sent it back to them. There are safer methods of storing passwords in the browser e.g. using last pass plugin for Mozilla and Chrome.
Don’t use one password for all your websites
You should desist from using one password across the board. Remembering many passwords might be a big challenge, but that should not be an excuse for reusing one password for all your websites. The danger with that is if a hacker gets one password, it will be enough to hijack all other websites. Like a wise man once said, never put all your eggs in one basket.
There you have it. Never assume that you are safe because you have not been attacked. Rather, asses your risk and take necessary measures to mitigate the risks. You are only as strong as your weakest link. Your job is to establish your weakest link and strengthen it. All the best in protecting your website from hackers!