If you’re lucky, you’ve never had your website hacked. Like many forms of security it isn’t about if, but when, the security gets broken. So how is your website security?
For many years I thought myself lucky, I had never had my house been broken into. The mess and bits missing is one problem, clearing up the grey powder left by the finger print people is another – the worst thing is the thought that somebody had been through my private palace (well, house).
My house was secure, or so I thought. It seemed to happen to other people, but never me. I was careful, I locked my doors and windows. Then it happened. Just after recovering from the upset, and adding another lock it happened again. Then I got an alarm system, no more problems…….for a couple of months.
A security advisor reminded me of something I’d learnt a long time ago. Buying security isn’t about stopping the problem, it’s about making the burglars job harder (and hoping they go elsewhere).
How is your website security?
Maybe you’ve never had your website broken into, and maybe you think nobody would bother as there’s nothing of interest in it. But here’s a thought:
If a hacker breaks into your website, they can use it for their own means and deny you access to it.
What might a hacker want your site for?
A while ago a friend had her site hacked. She didn’t notice for a while, until somebody asked her about the “ISIS page” it was displaying.
What website security do you use?
“Ah well my site isn’t wordpress and therefore it’s secure” – WRONG.
- Your password: Having a weak password is abit like just having a flimsy bolt on your front door. It might keep the door shut, but it won’t stop anybody. Hackers just throw seemingly random numbers and letters at your website until they get in, or give up. If you have a common word, or a short password, you’ve made it very easy. If you want to keep them out, how about a 12 character word, including upper case, lower case, numbers and “£$%£$ symbols. I know it’s a pain, but you’ve just made it a lot harder for the to break in.
- The key is under the mat: My gran used to leave a spare front door key under the mat, seems crazy nowadays. The digital equivalent is to have the same password for many accounts, or to make it easy to access (on your mobile phone, in a book, or a word document in your dropbox come to mind). Sorry, you’ve got to remember it, or perhaps use a security system like LastPass (and some would say that’s not a good idea).
- Two factor authentication: One further thing you could do is to have two locks on your website, where the second one changes every thirty seconds. You access a six digit number from your mobile phone (which changes every thirty seconds and only appears on your mobile), and use that as well as your password. Now it’s a lot harder and the hacker may well go elsewhere. Google Authenticator gives your the numbers and also works on many big websites too (Xero, Google, etc), so you can make everything safer.
- Limited access: How many times have you been to the bank, forgotten your PIN and the cash dispenser has swallowed your card? There’s a version you can have on your website, so after three wrong numbers the site won’t accept anything else for 10 minutes, or longer. Another good way of slowing those hackers.
So, how’s your website security?