As you may have noticed, I was having some hacking-related issues last week. They have, thankfully, been resolved now (although I’m still trying to get a few of the side effects on other sites, like search engine results, properly cleaned up), but it reminded me, once again, of how easy it is to get hacked in the modern world. With so many different internet connections, it’s basically impossible to completely ensure that your site will never be hacked. If your site is known widely enough, it can be hacked even if you have entire departments on your staff devoted to preventing just that. (Just ask the FBI and CIA, among many, many others.)
Which is why this article is focused not on how to prevent your site from being hacked, but rather, how to ensure that if (or, assuming that the hackers are really after your site, when) your site is hacked, that you are able to recover quickly and painlessly. After all, regardless of how often you change your passwords and how good your security software is, it’s still possible for a dedicated enough hacker(s) to get into your system and do all kinds of things, from adding spam-style pages to your site to taking your site down completely.
Regardless of what you do, these sorts of things can happen. That is not to say that you shouldn’t do things like change your password regularly and make it hard to guess; you want to make it as tough for the hackers as possible, after all. This article, though, is primarily looking at how you can be ready in case the hackers DO get into your site and cause mayhem of some kind or another. (I’m focusing on WordPress-based sites, as that is what I am most familiar with, but many of these tactics should work for any type of site.) Therefore, here are
10 Ways to Prepare Your Site For Being Hacked
1. Back Up Your Data: If you listen to nothing else on this list, if you only do one thing that I suggest, if you take just a single step toward being ready for a hacking event, make it this: back up your data. Do so on a regular basis, and make sure that you can easily and effectively access it if your site runs into serious trouble. There are even WordPress plugins that can automatically back up your data and make restoring your site from a backup easier; I’ve been using UpdraftPlus with good results (including being able to recover from this latest hacking).
2. Keep Your Backups Handy: You can back up your site all you want, but if you don’t have your backups available to upload when trouble arises, they won’t do you any good. Make sure that you keep several of your backups, dating back at least a month (or possibly longer, if you particularly worry about a hacking incident going unnoticed), saved somewhere that they can easily be uploaded should it come to that. Many backup plugins allow you to easily transfer your backups to your computer or a cloud site, so it should be easy to keep them available, even if your site itself has been compromised. Speaking of keeping information elsewhere…
3. Save Your Posts Elsewhere: Going along with backing up your data, it’s a good idea to keep copies of the posts or other information you publish somewhere other than on your site(s). You might need to upload a backup that dates back days, weeks, or yes, even months, depending on how long ago the hacking occurred before you noticed it. It will save you a great deal of time and frustration if you don’t need to re-write all your latest posts on top of doing the work required to get your site up and running properly.
4. Keep Your Own Computer Secure: It’s worth remembering that there is a link between your computer, your browser and your site; hackers can use one to get to the others when they try. Being sure to check the health of your computer and your browser on a regular basis will help to ensure that your website stays healthy and functional, and vice versa. There’s lots of advice out there on how to keep your computer secure, including advice from the FBI, which, admittedly, isn’t perfect at this itself, but can give you some good ideas on how to start securing your computer.
5. Use the Right Plugins: There are going to be numerous attempts to hack any blog or other website with a reasonable web presence, a number that only rises as a site gets more popular. Luckily, there are also numerous plugins that can help you secure your blog from these attacks. I’ll admit, I haven’t found one that works completely (as evidenced by my recent hacking attack), but two that come highly recommended are Limit Login Attempts (to prevent ‘brute force’ attacks where hackers, or even administrators, simply try every password until they get in) and Better WP Security (which allows you to make numerous ‘tweaks’ to your security settings). Keeping plugins like these available should help you to prevent hacking success, and limit the chance of a hacker getting back in when you fix your website.
6. Be Vigilant: If you aren’t watching, it can be easy for a hacker to slip in and corrupt some of the pages you have posted (particularly if there are a huge number of pages you aren’t able to regularly revisit, as in a long-running blog). Watching your site and how it performs, and taking advantage of tools provided to webmasters (like those provided on Google Webmaster Tools), can help you catch any issues as soon as they develop, and limit the difficulty in getting your site back to its un-hacked state.
7. Learn What to Do: At some point, you might (or given enough time, probably will) find your site has been hacked, whether blatantly or behind the scenes. The more you know about how to handle the situation, the easier it will be to stay calm and approach things rationally. There are lots of different guides on how to handle hacking available, covering different situations and different methods on how to rectify things (with this particular guide being one of the most thorough I’ve seen).
8. Be Ready to Shut Down Your Site: There are a lot of different approaches suggested for how to handle a hacking situation, but just about all of them agree on one starting step: shut down your site. You want to ensure that you have the ability to work privately and fix your site without putting your readers at risk (or giving the hackers more encouragement). One plugin I’ve found that works well in taking your site offline temporarily is Under Construction. While you don’t need to install it now (unless you’re currently handling a hacking incident), it’s worth keeping in mind for when you need to take your site offline.
9. Be Prepared to Upload a Backup: One of the best ways to ensure that you’ve completely eliminated all the malware or other devious programs on your site is to upload a backup from before you were hacked. It’s not the easiest (or most fun) option to carry out, and depending on when you last made your backup, it can mean replacing weeks or months of work performed since then. You might potentially even need to redo years of work, although at that point it’s probably best to just restart rather than try to redo everything. To avoid such a situation, remember to:
10. Make Regular Backups: Yes, once again, I’m going to remind you to make regular backups of your data; it’s one of the major reasons I was able to recover from my hacking incident so (relatively) quickly, and they will be vital if you are ever in the same situation and don’t want to have to remake your entire site. How often should you back up your data? I’d say at least every week, although if you publish a great number of articles or other new material, you might want to consider more frequent backups to minimize how much information will be lost when you upload. Combine these regular backups with those copies of your articles, as I mentioned before, and reviving your site won’t be nearly as hard (or impossible).
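An added example (not part of the original post, and not any plugin's own code): a small Python check for the backup habits in items 2 and 10, namely that backups are made at least every week and kept for at least a month. The `backup_YYYY-MM-DD-HHMM_` file-name pattern, the function names and the sample listing are assumptions made for illustration; adjust the pattern to whatever your backup tool writes.

```python
import re
from datetime import datetime, timedelta

# Assumed naming scheme: backup_YYYY-MM-DD-HHMM_<anything>; adjust to your tool.
STAMP = re.compile(r"^backup_(\d{4}-\d{2}-\d{2}-\d{4})_")

def parse_backup_times(filenames):
    """Return the sorted, de-duplicated timestamps found in backup file names."""
    times = set()
    for name in filenames:
        m = STAMP.match(name)
        if m:  # files that do not look like backups are ignored
            times.add(datetime.strptime(m.group(1), "%Y-%m-%d-%H%M"))
    return sorted(times)

def audit_backups(filenames, now, max_gap_days=7, min_history_days=30):
    """List every way the folder misses 'weekly backups, kept for a month'."""
    times = parse_backup_times(filenames)
    if not times:
        return ["no backups found"]
    problems = []
    max_gap = timedelta(days=max_gap_days)
    if now - times[-1] > max_gap:
        problems.append(f"newest backup is {(now - times[-1]).days} days old")
    if now - times[0] < timedelta(days=min_history_days):
        problems.append(f"history reaches back only {(now - times[0]).days} days")
    # A missed run shows up as a gap between two consecutive backups.
    for earlier, later in zip(times, times[1:]):
        if later - earlier > max_gap:
            problems.append(f"gap of {(later - earlier).days} days after {earlier:%Y-%m-%d}")
    return problems

# Constructed sample listing of an off-site backup folder (not real data).
SAMPLE = [
    "backup_2024-05-01-0300_example-db.gz",
    "backup_2024-05-08-0300_example-db.gz",
    "backup_2024-05-22-0300_example-db.gz",  # the 05-15 run is missing
    "backup_2024-05-29-0300_example-db.gz",
    "backup_2024-05-29-0300_example-uploads.zip",
    "notes.txt",
]

if __name__ == "__main__":
    report = audit_backups(SAMPLE, now=datetime(2024, 6, 3, 12, 0))
    for line in report or ["backups meet the policy"]:
        print(line)
```

Run it against the folder where your off-site copies live (your computer or cloud storage), not the copy on the web server, since that is the one you will depend on if the site itself is compromised.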