Keeping Your Site From Being Hacked (And Recovering If It Is)

You might be wondering, if you are a long time reader, what inspired the bright and shiny new look of The Amateur Financier. Well, as you might have noticed by following my Twitter feed (it’s @amateurfinance for those of you who aren’t already regular readers), I was hacked on Saturday. I have few ideas of who actually hacked me, although with the Turkish comments and the reference to Muhammed, I’m going to assume they weren’t American citizens

 Keeping Your Site From Being Hacked

At times it can be tough to handle the ability of people you’ve never met, those who live on the opposite side of the world and speak languages you’ve never heard, to be able to break into your website and alter what you’ve published. Luckily, there are some things you can do to help keep your website from being hacked (and if you, like me, ARE hacked, we’ll look at how to handle that event, as well).

Nowadays, it seems that nearly everyone over the age of three has their own website. Unfortunately, that makes it all the easier for would-be hackers to find potential targets, whether to steal some money, steal some data, or simply put some nonsense up on your pages. There’s no way to prevent ALL such attacks, but if you stick to the following instructions, you should be able to diminish the chances.

1. Make Strong Passwords: I know you probably have a few dozen passwords, covering everything from your email account to webhost to your site itself (and that’s not even counting all your personal passwords), and it’s pretty hard keeping up with them already, even when they aren’t thirty-eight characters long. The problem is that the easier and shorter your password is, the more likely it is that someone you don’t want to have the password will end up determining it, perhaps through computer programs. You need to create the sort of passwords that are indistinguishable from someone typing randomly on a keyboard, with lowercase and capital letters, numbers, and if your site allows it, symbols and punctuation marks. If you have trouble making (and remembering) strong passwords, you can take advantage of programs like KeePass, which enable you to generate and store passwords for dozens of sites. But even the strongest password won’t last forever; you also need to:

2. Change Your Passwords Regularly: No matter how complicated your password is, there’s still a chance that someone inappropriate either figures it out or manages to get it. To prevent either situation, you should make sure to change your password on a fairly frequent basis. How frequent, you ask? Well, I’ve suggested doing so every six months in the past, although, as I was planning to change my passwords today and apparently that wasn’t quick enough, I should probably speed things up to every three months, or perhaps even every month. Better to go as often as you can handle.

3. Keep Your Site Up To Date: There’s a lot of bad stuff out there, viruses, Trojan horses, and all sorts of other less-than-good programs that unfriendly people hope to get onto your site. One good way to limit the damage it can do to make sure that your site software is up to date, to ensure that your site script is as strongly secured against modern viruses and other malware as possible. It might not prevent everything, but it will put you in the best position to fight off such attacks as you can be.

4. Backup Your Website Data: Alright, this is less a way to keep your site from being hacked, and more a part of how to deal with the situation if it does. It’s far from the ideal solution, but if you find yourself with your blog in a situation that is impossible to recover from (or if you, like myself, lack the programming knowledge to do so all yourself), having backed up data will enable you to restore your data

What Happens If You Get Hacked

Alright, let’s say you stick by all the advice above (or otherwise did your best to prevent being hacked) but still ended up being hacked. It’s frustrating, disturbing, and more than a little bit frightening; trust me, I know. But it’s important to not panic, keep your head together, and try to follow these useful tips:

1. Don’t Blame Your Web Host (But Do Consider Asking For Advice): It’s tempting to look at your web host and think that being hacked was all their fault; it was one of my thoughts on Saturday. But they aren’t the ones who created your website, or made the passwords, or… well, you get the picture, it’s not their fault. If you are unsure of what to do to handle the hacking (or prevent a future one), you might want to contact them to get their perspective on the manner; I contacted my web host (DreamHost), and got a few response emails with good advice on how to repair and shore up my blog, most of which I’m still trying to apply. But it’s not their responsibility to keep your blog or other website safe, nor is it their fault if your site is hacked, so don’t act like it is.

2. Try to Repair the Damage: Depending on how extensive the damage to your site was, and how skilled you are with programming-type issues, you might be able to handle the issue on your own. It’s not always an easy task (particularly if you, like me, are more comfortable with the writing part of blogging than the web part), but there are lists of things to do as you try to work through the trouble, in order to get your site back up to snuff. Of course, if one or more of the steps is beyond your skills, you can consider trying to:

3. Get Outside Help: Not everyone can do everything; that’s what civilization is all about, after all. You may not be an expert at programming, webpage scripting, or many of the other issues involved in the more technical side of hosting a website, but chances are that you know someone who is (or can find someone if you haven’t already). It might prove to be a bit pricy, but in turn it allows you save quite a bit of time and effort if you don’t know how to handle the situation otherwise, to say nothing of insuring a better chance of things being done right. One thing your tech help might suggest is:

4. If All Else Fails, Reload a Backup: Hopefully, you’ve been making data backups on a regularly basis (and storing them in a manner that you can access the backup files). If so, you can use that backup to restore a previous, un-messed-with copy of your site which you can use to restore your website to a previous state, before things went wrong. Depending on how often you make your backups, though, you could end up losing days, weeks, possibly even months of work if you don’t regularly run a backup program. It’s not the first option you want to consider, but if its your only choice, it’s good to have it available.

There you go, some advice on preventing your site from being hacked, and on how to deal with it if it does happen to you. How do you defend against possible hacks? What would you suggest to someone who has been hacked to get their site fully back in order? (I’d love to hear any suggestions you have.) What do you think of my site’s new look?