If you run a small website as a hobby or business, you probably don’t think hackers would take a second glance at it, until one day you wake up and your entire site is trashed. The fact is, many small business websites run on content management systems like WordPress, which hackers love because the native install leaves your site wide open to a variety of easy attacks.
You may not even have data that’s valuable to a hacker, but sometimes they do it for fun, or more likely, they do it because they hope to add your server to a malicious botnet that sends viruses out into the world. The Internet security company Sophos reports that 30,000 websites (large and small) get hacked every day. The only way to avoid issues with hackers is to take matters into your own hands.
Stay on Top of Software Updates
Web servers use many types of scripts and software, all of which need to be updated. In most cases, your Web hosting company keeps the operating system on your server up to date. The only exception to this rule is if you have an unmanaged server, which leaves upkeep entirely in your hands. Go with the latest stable release and any security updates the developer makes available. You also want to keep scripts updated, especially popular ones such as WordPress. They’re widely used, so hackers focus on breaking into those scripts to maximize the amount of damage they do.
Change Passwords Frequently
Even if your Web server doesn’t get compromised directly, other sites that have your login information might. If you use the same username and password across multiple sites, you’re going to have a bad time when attackers who stole those credentials elsewhere try them on your server account and end up gaining access. Change passwords monthly or more often in order to thwart these kinds of attacks. Password managers make this process easier than you might assume.
Lock Down Folder Permissions
Some scripts ask for far more folder permissions than they actually need. Lock down all of your Web server folders as much as possible. Don’t allow auto-updating scripts if they require a wide open folder to perform the process. Look for folders with file permissions set to 777. That mode grants read, write and execute access to the owner, the group and every other account on the server, so anyone with the appropriate method can read and write to the folder, and it’s easy for hackers to inject their scripts and code into open folders.
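One way to run the check described above, as an added example that is not part of the original article: the script walks a web root, lists every folder or file that is world-writable (flagging exact 777), and only changes modes when asked to. The function names and the 755/644 target modes are assumptions chosen for this example; adjust them to what your host requires.

```python
import os
import stat
import sys

# Assumed baseline (not from the article): 755 for folders, 644 for files.
SAFE_DIR_MODE = 0o755
SAFE_FILE_MODE = 0o644


def _entries(root):
    """Yield the root itself and every path below it (symlinks not followed)."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit_webroot(root):
    """Return sorted (path, current_mode, suggested_mode) for each
    world-writable folder or file under root."""
    findings = []
    for path in _entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a link's own mode is not what grants access
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:  # "other" write bit set
            is_dir = stat.S_ISDIR(st.st_mode)
            findings.append((path, mode, SAFE_DIR_MODE if is_dir else SAFE_FILE_MODE))
    return sorted(findings)


def tighten(findings, apply=False):
    """Report each finding; chmod only when apply=True (dry run by default)."""
    for path, mode, suggested in findings:
        flag = "777" if (mode & 0o777) == 0o777 else "o+w"
        print(f"[{flag}] {mode:04o} -> {suggested:04o}  {path}")
        if apply:
            os.chmod(path, suggested)
    return len(findings)


if __name__ == "__main__":
    # Usage: python audit_perms.py <web-root>   (script name is a placeholder)
    tighten(audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it as a dry run first and confirm that any upload or cache folder your CMS writes to still works after tightening.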
If You’re Hacked
The first thing to do is inform your Web hosting company, so they can take appropriate measures to secure your server. If you have an unmanaged server, you still want to tell your host, as they are probably more than happy to help you out (if only to stop the server from infecting the rest of their network).
Once you’ve secured the server and cleaned it out, keep an eye out for identity theft problems. Hackers can use customer data and your personal data to sign up for credit cards, utilities and apartments in your name. You don’t want to have an unknown bill coming to you years later or debt collectors pounding on your door.
Author: Chris London, owner / art director at Pixel Productions Inc., says the hacks that he hears about most often are typically some type of spam injection attack on WordPress sites that simply install WordPress with no other form of protection, such as Bulletproof security or login lockdown, or that have left commenting open without moderation.