For those of us that own or operate a website, having it hacked can really be a huge pain in the butt! It can also lead to hundreds (if not thousands) of dollars in lost revenue. Having a hacked website can lead to lost sales, lost affiliate commissions, or brand damage! This guide on how to protect your website from hackers gives you some simple tips to protect your WordPress blog/website and its visitors from malicious attacks.
How to Protect Your Website From Hackers – Background
Raise your hand if you own a website and it has ever been hacked. OK – you can all put your hands down now 🙂 Many of us that have owned a website for any length of time may have gone through this very painful experience. The consequences of having your website hacked are numerous – having your website blacklisted by Google, losing links from trusted websites, losing traffic, losing revenue, and brand/reputation damage. The simple fact is, if you own or operate a website you really need to do everything under your control to reduce the chances that your website will get hacked.
MoneyAhoy.com has been around about a year and a half, and I only recently learned the best methods for protecting my website from hackers. Trust me – ignorance is NOT bliss here!
MoneyAhoy.com had been targeted by hackers a couple months ago, and I was able to resolve the issues myself after a couple of hours of modifying files with the help of Tech Support. A more recent attack (last week) proved to be more than I could handle by myself. Hundreds of files were modified – it would literally take me weeks to get everything straight, and there would be a high likelihood that the attack would recur. In fact, I had spent 4-5 hours on it and thought I had everything fixed only to have the issue spread to multiple other websites and bring my entire online presence to a complete standstill!
Yep, I have learned the hard way that it is better to be proactive about preventing hackers than to wait for something to go wrong before reacting… In an effort to give back and help my fellow bloggers, I decided to put together this simple guide on how to protect your website from hackers so that some of you can avoid the stress and headaches that I went through.
How to Protect Your Website From Hackers – Top Tips
Without further delay, here are my top tips for how to protect your website from hackers (this guide assumes that you are using WordPress for your blog/website)
1) Ensure you install all WordPress updates immediately for all of your blogs!
- You know that little “refresh” icon in the WordPress dashboard? Click it now and take care of your WordPress updates! I didn’t always stay on top of this, and this is the main way that hackers have broken into my blogs. Why didn’t I always install updates as soon as they came out? Take a look at tip #2 to find out how I had doomed myself to problems from nearly day #1!
2) Do NOT modify your theme “style.css” file directly!!! I repeat, do NOT modify your theme “style.css” directly!
- If you are tempted to make little tweaks here or there to modify your selected theme’s appearance, do NOT edit the style.css file directly for your theme! Any time a theme is updated, it will force you to choose between not applying the update or overwriting all of your changes and “resetting” the look of your blog. Because of this “feature”, I put off installing theme updates and WordPress updates. As a result, I opened myself up to an increased risk of being hacked.
- The only way you should be modifying the look of your WordPress blog is by creating a child theme. Creating a child theme only takes an extra 3 minutes.
- A child theme is basically a theme that “imports” everything from a base theme. You can then make changes in your child theme without affecting the original. When a new update comes out, your child theme will remain intact and the look of your WordPress blog won’t change.
- Seriously, I was almost crying when I found out how easy it was to create a child theme for blog appearance customization. Here’s a link to a helpful guide on creating a child theme that I used to figure this out.
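Here is what creating a child theme for tip 2 looks like from a shell on the server. This is an added example, not part of the original post or the linked guide; the themes directory, the parent theme's folder name and the `-child` folder name are assumptions you replace with your own.

```bash
# Added example: scaffold a child theme next to an installed parent theme.
# The directory layout and the "-child" folder name are assumptions.
make_child_theme() {
    themes_dir=$1     # your wp-content/themes directory
    parent_slug=$2    # folder name of the installed parent theme
    child_dir="$themes_dir/${parent_slug}-child"

    # Stop if the parent is missing or a child theme is already there.
    if [ ! -d "$themes_dir/$parent_slug" ]; then
        echo "parent theme '$parent_slug' not found" >&2; return 1
    fi
    if [ -e "$child_dir" ]; then
        echo "$child_dir already exists, leaving it alone" >&2; return 1
    fi
    mkdir "$child_dir" || return 1

    # style.css: the Template header is what ties the child to its parent.
    cat > "$child_dir/style.css" <<EOF
/*
 Theme Name: ${parent_slug} Child
 Template:   ${parent_slug}
 Version:    1.0.0
*/
/* Your own CSS tweaks go below; parent theme updates never touch this file. */
EOF

    # functions.php: load the parent stylesheet first, then the child's overrides.
    cat > "$child_dir/functions.php" <<'EOF'
<?php
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
    wp_enqueue_style( 'child-style', get_stylesheet_uri(), array( 'parent-style' ) );
} );
EOF
    printf '%s\n' "$child_dir"
}
```

Call it as `make_child_theme /path/to/wp-content/themes your-parent-theme`, then activate the new child theme under Appearance → Themes. From then on, theme and WordPress updates can be installed right away without losing your tweaks.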
3) Use a Strong Password for your blog hosting account and WordPress Login
- This one probably goes without saying, but I’m going to say it anyways. There are hackers that attempt to use brute-force to break into your hosting account and/or WordPress site to cause havoc and spread their attacks.
- Make sure that your password is at least 20 characters long, has upper case and lower case letters, and contains multiple special characters. This was a struggle for me because I am used to using simple passwords, but it really is needed to ensure maximum protection for your blog.
4) Install the WordPress Plugin Simple Login Lockdown
- This is another good way to protect your WordPress blog against brute-force password break-ins. It limits the number of login attempts allowed before a temporary block is created. I have mine set to three tries and I’ve never accidentally locked myself out 🙂 It is a great tool to help stop hackers in their tracks!
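To see the brute-force attempts that tips 3 and 4 defend against, you can count failed logins per visitor in your web server's access log. This is an added example, not from the original post or the plugin. It assumes the Apache/Nginx "combined" log format and that WordPress answers a failed login with status 200 and a successful one with a 302 redirect. The sample lines are constructed.

```bash
# Constructed sample: "combined" format access log lines using documentation IPs.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:05:10 +0000] "POST /blog/wp-login.php?action=login HTTP/1.1" 200 4498 "-" "curl/8.0"
192.0.2.44 - - [10/Mar/2024:10:05:11 +0000] "POST /blog/wp-login.php?action=login HTTP/1.1" 200 4498 "-" "curl/8.0"
192.0.2.44 - - [10/Mar/2024:10:05:12 +0000] "POST /blog/wp-login.php?action=login HTTP/1.1" 200 4498 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:11:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:11:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:11:00:45 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Mar/2024:11:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4400 "-" "Mozilla/5.0"
EOF
}

# Reads an access log on stdin and prints "<failed attempts> <ip>" for every
# client that reached the lockout threshold, busiest first.
failed_login_sources() {
    threshold=$1
    awk -v max="$threshold" '
        # Field 6 is the quoted method, 7 the path, 9 the HTTP status.
        $6 == "\"POST" && $9 == 200 {
            path = $7
            sub(/\?.*/, "", path)                  # drop any query string
            if (path ~ /\/wp-login\.php$/) fails[$1]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print fails[ip], ip }
    ' | sort -rn
}

# Threshold 3 matches the "three tries" lockout setting mentioned above.
sample_log | failed_login_sources 3
```

On a real site, feed it your own log instead of the sample, for example `failed_login_sources 3 < access.log`. The user who mistyped a password twice and then logged in (198.51.100.23) is not reported.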
5) Install the WordPress Plugin BulletProof Security
- This WordPress plugin protects against 100,000’s of different types of hacker attacks and essentially “locks down” your WordPress blog from known exploits. It comes highly recommended by my hosting company and others around the net!
6) Purchase Malware protection
- When MoneyAhoy.com was most recently infected with malware, I had no idea what to do. As I mentioned above, this latest hack had infected HUNDREDS of .php files on MoneyAhoy as well as my various other websites. It would literally take weeks to get everything straight and was just downright impossible for me to devote myself to at this point.
- My website host – Bluehost – wanted to charge me nearly $400 for a one-time cleaning and a service called SiteLock Professional that would prevent future attacks for one year. Umm…. NO THANKS! That’s way too pricey for me. Upon receiving my dissatisfied reply, the online chat techie at Bluehost offered me an alternate solution…
- He recommended that I turn to the pros at WeWatchYourWebsite.com. They perform a full cleaning and closely monitor your website for malware every 30 minutes. It costs $40 a year for the first website, and $20 a year for each additional website. The whole process was completed in a couple of hours. They even contacted my hosting company to unlock everything and contacted Google to remove my site from their “blacklist”! Talk about customer service! For $120 for a whole year, I was back in business and can sleep easy at night 🙂 (Note – I’m NOT being paid for this post by WeWatchYourWebsite.com, I’m just a very satisfied customer).
How to Protect Your Website From Hackers – Hacker Insurance
Once I finally broke down and admitted to myself that I needed help to clean my website, something struck me. We all purchase home insurance, car insurance, and life insurance for ourselves. So if you own a blog, why wouldn’t you purchase “hacker insurance?” That’s essentially the service that WeWatchYourWebsite.com and other companies like it are offering. For a small fee, you get peace of mind and can properly protect your revenue stream that your WordPress blog/website generates.
When I thought of it in these terms, it wasn’t too hard for me to make the jump and just fork down the cash for the protection. When I put it like that, it seems like I’m being shaken down by someone from the mafia or something 🙂 Anyways, I’ve only had my websites protected for a couple of days, and I can sleep better at night already!
How to Protect Your Website From Hackers – Final Thoughts
Maybe you are just getting started with blogging and you’re ready to move past the “hobby” stage. Or maybe you’re a blogging veteran and have been able to dodge the bullet from getting your website hacked. Either way, if you own a WordPress blog/website then you really ought to employ as many of the tips I am suggesting above as possible for your protection. Take it from me – I learned the hard way and want to save you from a similar fate!
I wish I would have come across a similar list of how to protect your website from hackers when I was first getting started with MoneyAhoy. I may not have listened to all of the suggestions (I am pretty stubborn, you know), but even one or two of these tips could have made a big difference for my sites. I’ve been hacked three separate times, lost thousands of hits, lost dozens of established links, and who knows how much $$$. Please don’t make the same mistakes I did and protect your WordPress blog/website today by following these tips on how to protect your website from hackers!
Clarisse @ Make Money Your Way says
My client’s website was hacked a few years ago. I told her about it immediately; thankfully, her programmer fixed the issue immediately. I want to look into this one, Derek, Bullet Proof Security; I think this would be very helpful.
Derek Chamberlain says
Clarisse,
Yeah – BPS is a great tool and highly recommended. Let me know if you have any questions setting it up!
Jon @ Money Smart Guides says
Great information here. I was a victim of brute force attacks about a year ago. It was the first time I was targeted and it woke me up to the realization that hacking into my site was something I needed to address. I installed a few plugins and hired a guy that offers a service to watch over things and keep me protected.
Glad to hear you got everything back up and running.
Derek Chamberlain says
Jon,
Hacking is definitely something that any semi-professional blogger should protect against. Any way to share the plugins that you use to help readers?
Amos @ Modest Money says
I wish I had learnt these simple tricks too. I am having exactly the same problem as you were having. Now I have my five websites from my clients blacklisted by Google.
Not that I am ignorant – but I always modify my themes directly. That could be the real cause of the problems. Now I am just suffering trying to check the affected files 🙁
Derek Chamberlain says
Amos,
Sorry for the bad luck! I would highly recommend you check out that WeWatchYourWebsite company. They really are hassle free – and they submit all the “unblacklist” forms to Google to get you back in business quickly!