How to protect your website from hacking
In light of the recent UK cyber-attack on the NHS the issue of website security has been in the spotlight lately with many business owners and clients wondering about the best ways they can keep their website safe from the hands of internet hackers. It’s estimated that there are over 1 billion active websites on the internet, which can make your site feel like a tiny speck that can barely scratch the surface of the world wide web, but you should also understand that this makes website hacking a powerful and lucrative business with the ability to cause a lot of destruction for both large and smaller businesses.
At Green17 Creative we invest significant time and money in online security to ensure we can keep our client's data safe and secure at all times. In this article we’re explaining a bit more about the definition of hacking, how you can protect your website, and what to do if you think you’ve been hacked.
Firstly, what is hacking & why does it happen?
Hacking is generally referred to as unauthorized access to your website, computer or network with the aim to illegally steal your information, data or server for malicious activities or attacks. You may not think there is “anything worth stealing” on your website but remember that this may not be the goal of the hacker. Many hackers will try to break into your website to gain access to the server its sits on to send email spam to your network which infects others, to deface your public-facing website, or (in the case of the NHS cyber-attack) to use ransomware to block or threaten access to customer and business data without paying a high ransom or fee.
How can I protect my website from hackers?
There are a number of ways to protect your business website from hacking and adopting these best practices will save you a lot of time, money and numerous headaches if your website does fall victim to a cyber-attack. Here are a few of the most important approaches to website security that you should take today:
Keep Passwords Secure
Do you know what the most common password of 2023 was?
Answer: 123456
Top 20 most common passwords of 2023
| RANK | PASSWORD | TIME TAKEN TO CRACK | NUMBER OF TIMES USED |
|---|---|---|---|
| 1 | 123456 | < 1 Second | 4,524,867 |
| 2 | admin | < 1 Second | 4,008,850 |
| 3 | 12345678 | < 1 Second | 1,371,152 |
| 4 | 123456789 | < 1 Second | 1,213,047 |
| 5 | 1234 | < 1 Second | 969,811 |
| 6 | 12345 | < 1 Second | 728,414 |
| 7 | password | < 1 Second | 710,321 |
| 8 | 123 | < 1 Second | 528,086 |
| 9 | Aa123456 | < 1 Second | 319,725 |
| 10 | 1234567890 | < 1 Second | 302,709 |
| 11 | UNKNOWN | 17 Minutes | 240,377 |
| 12 | 1234567 | < 1 Second | 234,187 |
| 13 | 123123 | < 1 Second | 224,261 |
| 14 | 111111 | < 1 Second | 191,392 |
| 15 | Password | < 1 Second | 177,725 |
| 16 | 12345678910 | < 1 Second | 172,502 |
| 17 | 000000 | < 1 Second | 168,653 |
| 18 | admin123 | 11 Seconds | 159,354 |
| 19 | ******** | < 1 Second | 152,497 |
| 20 | user | 1 Second | 146,233 |
Despite a widespread understanding that all passwords should be strong and unique for each online account, more than 50% of people continue to use highly predictable passwords like 123456 to keep their personal information and intellectual property protected online. Even if you think you are using a secure password for your website take a moment to ask yourself these questions:
- Do I use this for other websites/systems? Where? How many?
- Do I use upper case, lower case, and numbers for my password?
- Have I changed my passwords in the last 6 months?
Protect yourself with a strong password which you change regularly, or better still use two-factor authentication which is now offered through many sites like Google and Twitter. This 2-step process will also send you a text message with a code or use an app to verify that you are logging in.
If remembering all of these unique, strong passwords is too much of a challenge, then fear not, for help is at hand. Convenient applications like 1Password store all your passwords in one secure place, auto-filling them into each website you visit regularly. This makes it easier as all you need to remember is one master password.
Keep Software up to date
Running regular updates to your website’s software and plugins should be a key exercise to help keep your data safe and secure. If you use a managed hosting solution then it will be your hosting company’s job to keep the operating system secure and updated. Regarding your website CMS and plugins, depending on your chosen solution and who built it for you, this will either be assigned to your website agency, or you will be expected to ensure these security updates are installed. The Content Management System used should always notify you of available updates when you log in.
Invest in a reputable hosting solution
This leads on to our third recommendation – make sure to use a good hosting solution. There will always be cheap hosting solutions available which can be tempting for businesses but the risks with these companies can far outweigh the cost-benefits. The hosting company who manage your website should ensure that your server is both physically and virtually protected at all times, with protection again Denial of Service attacks, virus scanning and more. Talk to your hosting provider today to find out if you need to make the amendments to protect your website’s security standards.
Install an SSL certificate
SSL certificates are used to encrypt the data being passed from a web browser to the website server so it is passed through securely and out of reach from hackers or identity thieves. You may notice these certificates on many websites which use a green bar or padlock, and use https:// instead of http://. There are a number of benefits these certificates can bring to business websites but website security for your users is ultimately the biggest advantage. SSL certificates can be purchased and set up by your IT company or website developer, and should be renewed annually to maintain a high standard of website security.
How do I know if my website’s been hacked?
Hacking is mostly not difficult to spot if you visit your website regularly and or have a team working on the website on a frequent basis. For those who tend to their website only occasionally it’s important to make a schedule to maintain your website and check its security features on a regular basis, to avoid becoming a victim of website hacking.
If you think your website has been hacked normally you may notice one or more of the following things:
- The website has been defaced, content and images have been changed or deleted.
- The website now redirects traffic to an unfavourable or illegal site
- You have been notified by Google, Bing or your website browser (Safari, Chrome) that your website may have been compromised
What to do if your website has been hacked
If your business website does fall victim to a cyber-attack the first and most important thing to remember is not to panic. Contact your website developer and alert them to the issue, and the decision will be taken to either take down the website temporarily until the issue is fixed, or restore the website using a backup (your hosting solution should include regular backups of information to the server for use in emergency situations like this).
Make sure to change all passwords on your website, replacing them with strong passwords which have a combination of upper case, lower case, numbers and symbols. If you have used the same password for your website as you use for other accounts you own e.g. social accounts, online banking etc make sure to change all of these to avoid these being compromised by the attacker. Make sure they are all using different passwords.
It’s important to have a strong IT support team to help your website recover from a cyber-attack. It can be very difficult to completely remove the malware which has infected the website however your IT team should be able to deal with this and recover the website with minimal damage. The next step will then be to identify any weaknesses or vulnerabilities in the website which could have led to the hack, and fix these as soon as possible.
Once your website has been fully restored make sure to follow best practices for website security going forward (by this time it should be at the top of your to-do list) and make sure to review this regularly.
As a web design agency, we invest significant time and money to adjust to the latest threats to help keep all client data safe and secure at all times. We hope you find this information useful to help increase your website security and protect your company or business from being affected by hacking.