How to secure your website from malware attack and getting hacked

Cybersecurity strategy WordPress site by Digitalgenspace.com

Did your website get hacked or attacked by malware? If the answer to that is yes, then I would say early on in this part of the article – get yourself a web security expert.

If you don’t have the know-how in this field, then it’s best to leave these things to the professionals.

I myself have had a few encounters with hackers: a few of the websites that I was handling were hacked or attacked by malware.

One way that I was able to determine that the sites got hacked was when I tried to search the index pages in Google, and Google was returning search results with pages in foreign languages, and about gambling and CBD – topics that were not relevant to the sites.

My sites were used for blackhat SEO purposes, and God knows what other things hackers use hacked websites for.

My next course of action, upon finding out that the security of those sites had been compromised, was to change the logins of the website, cPanel, and the hosting account. I contacted the hosting provider to inform them about the hack and asked for the help of a security specialist.

In the process of recovering the hacked sites, I learned a thing or two about how to secure your website from malware attacks and getting hacked.

Below are some steps you can take to enhance your website security:

  1. Use a long and unique username and password.

  2. Use the latest version of the applications like WordPress, Joomla, and Drupal.

  3. Add an SSL certificate to your website and use HTTPS protocol.

  4. Install security plugins on your website.

  5. Ensure plugins, modules, and extensions are up to date.

  6. Enable 2FA on your website.

  7. Enable SiteLock Website Security in your cPanel.

  8. Install an anti-virus on your device.

  9. Keep a regular backup of your site.

  10. Only install the needed plugins and one theme as much as possible.

  11. Never share logins with people who are not supposed to have them.

  12. Avoid connecting to public Wi-Fi.

  13. Get a good web hosting company.

  14. Hide your website login page.

Use a Long and Unique Username and Password

This is undeniably an old defense method, but it works effectively! The longer and more unique your username and password combination is, the harder it is for bots to guess it.

A brute-force attack is a method where hackers try to gain access through your login page by trying many different combinations of login credentials until one works.

In WordPress, installing a plugin called Limit Login Attempts can help block those brute-force attacks.

Use the Latest Version of Applications like WordPress, Joomla, and Drupal

Keeping up to date with the latest version of the application is very important!

Aside from new features, improved performance, and bug fixes, the latest version of your application also includes fixes for existing security vulnerabilities.

The one thing you must mind when updating to the latest version is compatibility, because newly introduced features sometimes conflict with your existing theme or plugins.

So, it’s best to take a backup of your website first before doing so.

Add an SSL Certificate to Your Website and Use HTTPS Protocol

SSL (Secure Sockets Layer), whose current version is known as TLS (Transport Layer Security), is a cryptographic protocol. Its primary role is to provide secure communication between systems over a computer network.

A website that is secured with an SSL certificate displays HTTPS in its URL.

HTTPS stands for Hypertext Transfer Protocol Secure. It is HTTP sent over an SSL/TLS connection, which encrypts the data being communicated between systems.

To put it simply, consider this example:

A message with no encryption:

I have a message for you.

A message with encryption:

Mbsgd4^43(0362#&635+ejYE75KSN8%JdhrbiORB%2!msTEV8

Encryption makes it harder for hackers who are snooping on your network to eavesdrop on and tamper with the data you exchange.

Install Security Plugins on Your Website

This is a must! Most security plugins nowadays offer these valuable security features:

  • Web Application Firewall
  • Malware Scanning
  • Brute Force Attack Protection
  • Security Hardening
  • Anti-Spam
  • File Change Detection
  • Limit Login Attempts

In WordPress, there are a lot of good security plugins that you can install on your website for free.

Best WordPress Security Plugins:
  • Wordfence Security
  • Sucuri Security
  • All-in-One WP Security & Firewall
  • iThemes Security
  • BulletProof Security
  • MalCare Security

Ensure Plugins, Modules, and Extensions are Up to Date

One of the main reasons websites get attacked by malware is outdated plugins, themes, modules, and extensions.

Developers constantly update their products to patch vulnerabilities before hackers can exploit them, and to fix bugs and further optimize website performance.

The latest version of WordPress offers the option to automatically update plugins and themes.

If you don’t want to manually enable this option every time you install a plugin and theme, some plugins can automatically do this for you like Easy Update Manager, Updater, Companion, Auto Updater, and WP Auto Updater.

Enable 2FA on Your Website

I highly recommend enabling two-factor authentication on your website and cPanel! 2FA adds an extra layer of protection when logging into your website and cPanel.

WordPress has a two-step authentication feature that verifies your login by sending a code to your mobile phone.

In the event a hacker can guess your login credentials, 2FA will deter any further unauthorized access to your website as the hacker would need to possess your mobile phone just to get that verification code.

Enable SiteLock Website Security in your cPanel

SiteLock is security software that helps protect your site from cyber threats such as malware, viruses, DDoS attacks, phishing, and malicious code.

SiteLock scans and finds these threats and removes them and sends real-time notifications to you.

Usually, hosting services offer SiteLock as a premium add-on option. 

Installing SiteLock will save you time and effort from all the manual labor of making your site secure.

Install an Anti-virus on Your Device

Viruses and malware are inevitable, at least that’s how I see it. The longer you are connected and doing stuff on the internet, the more likely you are to encounter them eventually.

How does your computer get infected, you ask?

Viruses and malware commonly infect your device through infected files from email attachments, malicious websites and software, torrents, and infected USB drives, to name a few.

There are many gateways through which viruses and malware can infect your device, and you may not know how to detect an infection. That’s why installing anti-virus and internet security software on your device is crucial: it will help you fend off these nasty attackers.

Below are the most popular anti-virus and internet security products:
  • Bitdefender
  • Norton
  • McAfee
  • Microsoft Defender
  • Malwarebytes
  • Trend Micro
  • Kaspersky
  • Avast
  • ESET
  • Avira

Keep a Regular Backup of Your Site

Keeping regular backups is a tedious job for me to be honest, but worth every effort. Simply because if something happens to your websites or your hosting service, you have a backup to turn to.

All hosting services provide backups, whether daily, weekly, or monthly, depending on what they offer.

If something happens to your website, you can log in to your cPanel and restore the backup from there, but it’s best to also download a full backup of your website to your local computer.

The reason is that on the rare occasion that something happens to your hosting provider, you have a full backup saved on your computer. It will give you peace of mind.

In cases where you have completely lost your website, there’s one hope left, and that is the Wayback Machine.

The Wayback Machine archives pages of websites, so you can at least retrieve the content and images from there.

Only Install the Needed Plugins and One Theme as Much as Possible

Do not leave any plugins and themes installed if you’re not using them. Aside from taking up space, outdated and abandoned plugins and themes pose a security risk, as hackers use them to inject malware into your sites.

Never Share Logins

Never share logins with people who are not supposed to have them. In a work setting, sometimes some applications are shared by the organization, and you need to share those logins.

I highly recommend using reliable password managers like LastPass and 1Password as these will not only store and protect your passwords but also offer an organizational system for all your company’s login credentials.

Avoid Connecting to Public Wi-Fi

Connecting to public Wi-Fi presents avenues for hackers and cybercriminals to exploit the security flaws of the open network. Public Wi-Fi is an unsecured and unencrypted connection that gives cybercriminals the opportunity to eavesdrop on your online activities.

The notion of free internet access might be cool, but it carries security risks. There is one notorious way cybercriminals exploit these types of open connections, and that is the MITM attack.

A man-in-the-middle (MITM) attack is one where the attacker inserts themselves into the conversation between the user and the server. The attacker is then able to intercept the exchange of information between the two parties.

In cases where you need to connect to a public Wi-Fi, I highly recommend using a virtual private network. A VPN will encrypt the traffic between your device and the VPN server.

Below are the best VPN services:
  • ExpressVPN
  • NordVPN
  • IPVanish
  • Surfshark
  • ProtonVPN
  • Private Internet Access
  • CyberGhost VPN

Get a Secure Web Hosting Company

If there’s a short list of how to harden your website security, getting a secure web host will be in the top 5.

Web hosting services offer security solutions such as spam protection, anti-hacking systems, anti-virus and anti-malware protection, DDoS protection and mitigation, account isolation, hardware protection, network and web application firewalls, data backup, brute-force protection, malware scans and reports, hotlink and password protection, and server monitoring, to name a few.

When you’re browsing for a web hosting provider, take time to review and compare web hosting features.

Hide your Website Login Page

Now, I’m not completely sold on this idea, because according to this website security article from Malcare, hiding your login page doesn’t do much.

But I tried anyway, and it did somehow lessen the number of login attempts to my websites.

Key Takeaway

According to this Norton Cybersecurity Insights Report 2016, “76% of people are growing increasingly aware of the need to protect their information online but are not motivated to take simple steps to stay safe online.”

With how hackers and cybercriminals are honing their skills to up their nasty games nowadays, we should be proactive in coming up with countermeasures.

Author
  • DGS Tech Team

    We are a team of writers specializing in web hosting, SEO, and web security. Our journey began with a deep fascination for the inner workings of the digital space. We have always excelled at simplifying complex tech concepts, bridging the gap between intricate jargon and everyday understanding. Our writing aims to empower readers to optimize their online presence, fortify web security, and tap into the potential of SEO.
