Here at DS Hosting we know how it is, you’ve got a business to run and you don’t have time to learn how to do all the technical stuff to secure your website from being hacked.
Or, you handed your virtual assistant “technical” things, but secretly do not know what they need to do, and it’s not their area of expertise. Then someone tells you that your site has been hacked-when they visit your site and it redirects to something inappropriate.
This is the last thing you need.
Website maintenance, especially security, can be confusing and can easily be passed off time and again.
If you’re not a famous blogger or a business owner, it’s easy to think of your website as safe from being hacked, but this isn’t necessarily the case.
Hackers look for vulnerable websites and create code designed to force their way into your site. Think of it like leaving your window open on your car when leaving in a parking lot, you create a vulnerability that will attack thieves act.
If your site is vulnerable, it becomes a target for hackers.
Heard enough? Check out Website Security plans from as little as $4.99 a month.
What makes your site vulnerable?
Here’s just a few easy things you can check and fix yourself-now to help make your site secure!
1. Do you use the latest WordPress?
Make sure the latest version of WordPress is running on your site. You can check the current WordPress version by visiting the WordPress.org site.
When you log in to the dashboard, a notification bar will appear at the top of the page to let you know if an update is necessary.
If you are running a version earlier than 3.7, you need to make these updates yourself. For version 3.7 or later, minor updates are applied automatically, but major updates need to be performed manually.
Check out one of our WordPress Managed Hosting plans to keep your site automatically up-to-date with the latest version of WP to ensure security.
From WordPress Codex:
With WordPress 3.7 or later, you do not have to release your finger to apply minor and security updates. Most sites can apply these updates automatically in the background. If your site can be updated with one click without entering FTP credentials, your site should be able to update from 3.7 to 3.7.1, 3.7.2, etc. Feature release. )
Each new version of WordPress comes with feature and security updates, and bug fixes.
If you do not update your version of WordPress, you can have everything else right on your site but your site will be vulnerable.
2. Have you applied all the theme/framework and plugin updates?
It is important to apply theme and plugin updates as well. Older versions may contain security holes-this may also put your site at risk of hacking.
Before applying the update, make sure that you have a full backup of your site. See how to backup your site here.
Except for larger plugins like Woo-commerce, plugin updates are usually fine (usually)-please check your site for suggested updates.
For themes, if you have a theme framework (for example if you are using the Genesis framework), you can safely update your framework.
If you need to update a child theme, or if you are using a standalone theme, it is cumbersome to update if you change the style sheet or function file. If the theme has a “custom CSS” section and all the changes are there-updating should be fairly easy.
If you have any questions about updating the theme, please check with your web developer or theme developer.
3. Have you deleted all unused themes and plugins?
Unwanted code at your site can lead to malicious code being entered. This usually takes the form of unused themes and plugins.
It is easy to accumulate several different themes and various plug-ins on the dashboard. This is especially true if you are building your own site and trying out different look and features.
However, once you have created your site, it is important to delete unwanted items.
Quickly audit your site, remove all themes except the current theme (framework if using Genesis, etc.) and disable and remove any plugins not used at your site.
Then it would be wise to do another full backup of a clean and lean version of your site.
4. Do you have a secure login?
Many people use a one-click quick install to set up their site, and some hosts assign the name “admin” as your administrative username.
If you have “admin” as your login, you are a simple target for hackers.
It’s easy to fix this-just log out of your current user account with a more secure login, log in to your dashboard with new credentials, and delete and then create a new admin user. Old admin account
Also, make sure your password is a long trump complex.
And if you are struggling to remember your multiple passwords, check out 1Password. I have been using it since 2008 but without it.
How do you know if your site has been affected?
The average website owner thinks that everything is fine if they can see their site on their own computer.
Not all hacks replace your website with ugly images and scrolling messages.
Your website is affected if you have experienced any of the following:
- People are complaining that your website is redirecting to a different site
- Host disabled web site due to security issues
- “This site has been hacked” or “This site may have been compromised” in Google search
- Clients complain that your website is flagged as anti-virus
- In Google / Bing search, search results show Viagra, Levitra, or other drug ads
- You are plagued by reinfection
- Google, Yahoo, Bing blacklisted your website
- Something is kind of offended-you are looking at strange activities
It’s important to act quickly
It is important to fix it as soon as possible once it is determined that your site has been hacked. Not only if your business relies on the sales of your website, for example, pornographic sites.
Your audience may not be as familiar with the web as you know that your site is hacked.
Also, hacked sites can lose nearly 95% of traffic in just 24-48 hours if not fixed immediately.
Hacked sites can also expose your customers’and readers’ personal and financial information, even turning your site into a host of dangerous malware and illegal content and taking great responsibility.
How do you fix this?
You have a number of options:
1. Contact the host and ask if you can solve the problem.
Unless you have a high level of managed hosting (like our WordPress Managed Hosting) that specifically states that you manage security for you, they are unlikely to do anything.
If you are using a low-cost shared hosting, you can solve the problem with an instant security package to fix your site right away for a little as $249.99. It is of course cheaper to proactively secure your site.
2. Contact the person who created your website and asks them to fix it.
Not everyone who creates a website understands the security aspect.
It is likely that your webmaster doesn’t understand security enough to be able to fix the situation. If so, they would have already implemented preventive security measures and registered you for some security surveillance service.
3. Get a service to remove malware
Many hosting websites provide services to remove malware from your website starting from 4.99$/month. These services include fixing your hacked website, expedited malware removal, Protect one site, 30-minute response time, malware removal and much more related to website malware removal.
As long as you keep your license active, you will be notified if anything happens, which means you know which of your backups are clean and which ones need to be deleted (because they could be corrupted or contain malware).
A word of caution: Website backups are important but not enough on their own
Backup is closely related to security-these two works well.
I mentioned above that you should perform a full back up before you make updates to your site (WordPress, themes, plugin updates).
However, just backing up without security oversight may continue the problem.
Without security surveillance, you do not know how late the hack happened (it may have been hacked for a while and you may not know it).
Just restoring an old backup does not guarantee that the backup is clean, and you can use the same malicious code to reinstall your site.
If you’re concerned about the security of your site, take a look at our website backup and website security plans starting from $2.39 a month, and rest easy knowing your site and its visitor are safe!