You will get hacked
Unless
You...
Change your password
The majority of attacks aren’t from some arcane hacker technology – they come from hackers guessing your password; well, not exactly guessing it, but running a cracking algorithm. If your password is less than 6 characters and sounds like the pet name you gave your first crush – this is bad.
Your website is your business and it needs a serious password. Your password should contain letters, numbers, at least 1 special character (!) and be as long as possible; yes, with passwords, length actually is important.
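To show why length matters, here is an added example that is not part of the original post: a Python sketch that applies the rules above and estimates how large a brute-force search would be. The word list is a small constructed sample, and the bit estimate assumes randomly chosen characters, so it overstates the strength of anything built on a real word.

```python
import math
import string

# Constructed sample of guessable words (assumption); real cracking
# wordlists hold millions of entries.
COMMON_WORDS = {"password", "fluffy", "snookums", "letmein", "qwerty"}

def pool_size(password):
    """Size of the ASCII character set a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    return size

def brute_force_bits(password):
    """log2 of the search space: length * log2(pool size)."""
    size = pool_size(password)
    return len(password) * math.log2(size) if size else 0.0

def review(password):
    """List the problems with a password, using the rules from the text."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than 6 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # A pet name with "1!" tacked on is still a pet name to a cracker.
    core = password.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("based on a guessable word")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["abc", "Fluffy1!", "aB3!x9", "correcthorsebatterystaple"]:
        print(f"{pw!r}: ~{brute_force_bits(pw):.0f} bits, problems: {review(pw)}")
```

The 6-character password that uses every character type comes out at about 39 bits, while the 25-character lowercase phrase comes out at about 118 bits.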
Which sites?
Ideally everything you access online should be secure, but I realize it’s a pain to have a long and difficult password when you’re accessing email and Facebook all the time. These sites are the bare minimum you should change:
- WordPress - where you log in to write your posts
- Host - where your website is hosted: Bluehost, HostGator, etc
- Registrar - where you bought your domain name: GoDaddy, Dotster, etc
- Twitter - it’s really embarrassing to get hacked on Twitter!
Update your WordPress installation
Next to password guessing, the biggest hack is from crackers exploiting out-of-date files on your website. Most people on this list run WordPress installations, and although WordPress now accounts for over 15% of the top 1 million websites on the planet, if you don’t keep it up to date you’re inviting the hackers in.
The WordPress core gets updated every couple of months, and along with that so do the various plugins. Upgrading is a simple 1-click process, but if you haven’t updated your site for a while, you might be vulnerable.
Backup your database
If I built your website, you should receive a weekly backup of your website’s database by email. There’s a simple plugin that will automatically take care of this; if you’re not getting it, contact me.
I write from experience
I just spent two weeks getting a rather nasty hack removed from one of my servers; the hacker got in through a vulnerable file on a site that was no longer being updated by the site owner. Once in, the hacker edited the file to allow them to automatically inject encrypted malware into every site on the server.
Aside from the time it took to diagnose the problem (days), it took 7 straight hours yesterday to clean everything.
Are you protected?
For existing consulting clients, I update plugins and WordPress and apply general WordPress security hardening. This won’t guarantee that you don’t get hacked – indeed, banks still get robbed – but it will dramatically reduce the likelihood.
If you’d like to take an hour to make sure your site is well protected and your passwords suitably secure, reply to this email and book a session.