10 ways to stop my website being hacked and blacklisted
Every day we handle website security protection for hundreds of websites, ensuring they are safe from being hacked with our Fix and Protect package. We even clean them of all malware if they are already hacked. Still, we thought it would be good to share our knowledge, so we compiled this list we call ’10 ways to stop my website being hacked and blacklisted’. Of course these tips are just the start of your journey, but they make a good start to get you on your way. So sit back and read on to a more secure website.
UPDATE YOUR WORDPRESS VERSION
Doing this will not stop you being hacked or fix your site if it is already hacked, but it is still essential! You should always ensure your WordPress is at the latest version. The WordPress team works hard to create patches that fix security holes, so benefit from their hard work. Check the WordPress site for the latest version here. The easiest way to check if you are using the latest version is to log in to your WordPress admin account and go to the updates panel. As mentioned, even if you are updated your site can still be vulnerable to a hacker, but this helps a LOT, so why not make it harder for the hackers and keep fully updated.
CHECK IF YOUR WORDPRESS IS ALREADY HACKED
When fixing websites we often find they have files placed on them by hackers over the last few years without the site owner ever knowing they were hacked. It depends on the type of hack, but hackers often go to great lengths to ensure the website owner does not know they are hacked. This means the hacker keeps control of the site (for his/her malicious purposes) for longer. So contact us and get us to check whether your site is hacked. If you don’t remove ALL the hacks already on your site, any future security is pretty much worthless.
CHANGE THE ADMIN USER LOGIN NAME
The default WordPress login is 'admin', so hackers focus on that username when attempting to guess your password. The best thing to do is delete the default admin account and create a new custom login. Also, many owners create an admin account that is based on their domain name. Don’t do this, as it is too easy to guess. A standard hack attempt is to use tools to brute force (dictionary based attacks) the password on your site, so make your admin login name a really tough one to guess. For creating a hard-to-guess password, use tools such as the Norton password generator.
CONSTANTLY UPDATE ALL YOUR WORDPRESS THEMES AND PLUGINS
Yes, update! We cannot stress it enough. To stop my website being hacked and blacklisted – Update, Update, Update! Update all your WordPress plugins and themes continually. Thousands of websites are hacked daily because they have outdated plugins and themes installed. It is incredibly important to update your site as soon as a new plugin or theme update becomes available. Most hacking these days is performed as an entirely automated process, with bots searching Google using ‘Google Dorks’, finding vulnerable sites and probing them for exploitation opportunities. It is not good enough to update once a month or even once a week, because bots are very likely to find a vulnerability before you patch it. Unless you are running a website firewall like our SharkGate – WordPress protection from hackers (which protects your site 24/7 while our team keeps you safe), you need to update as soon as updates are released. The moment new vulnerabilities are found, hacker bots are already searching for websites with them. This is why you will see security bloggers mentioning that if you have not updated a certain plugin (revolution slider, gravity forms, etc.) within hours of a vulnerability release date, your site has a good chance of being hacked. If you follow @OneHourSiteFix on Twitter we will help keep you notified about important updates and security warnings.
CHANGE FROM THE DEFAULT DATABASE TABLES PREFIX
The default table prefix for WordPress is wp_ and of course the hackers know that. With this knowledge the hackers know the names of the most important tables in your WordPress installation. This makes SQL Injection attacks so much easier. So change wp_ to something else of your own choosing (not your domain name!). See this link for some good instructions on how to make this change.
SECURING YOUR WORDPRESS FILE PERMISSIONS
"So why is this important?" clients ask. Well, say for example you set the index.php file on your site with permissions that let anyone in the world update it. A hacker could then update this file and redirect every visitor that comes to your site to their own malicious site. We could do a full post just on this topic (we will make sure we do soon), and it is a key one in how to 'stop my website being hacked and blacklisted', so here are some quick notes and guidance on locking down access to files and directories on your WordPress installation.
A good rule of thumb is: all files should be 664. All folders should be 775. wp-config.php should be 660 or, even better, moved out of your WordPress public_html directory. That is just the real basics, and we would recommend you fully read up here before adjusting your file permissions, as if you don’t do it correctly you could take your whole site offline for visitors.
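The rule of thumb above can be checked automatically. The following is an added example, not code from the original article: it walks a directory tree and reports anything looser than 664 for files, 775 for folders and 660 for wp-config.php. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Rule-of-thumb maxima from the text above: files 664, folders 775, wp-config.php 660.
FILE_MAX, DIR_MAX, CONFIG_MAX = 0o664, 0o775, 0o660


def audit_permissions(root):
    """Return sorted (relative_path, mode, reason) for entries looser than the rule of thumb."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not meaningful, skip it
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode):
                limit = DIR_MAX
            elif name == "wp-config.php":
                limit = CONFIG_MAX
            else:
                limit = FILE_MAX
            extra = mode & ~limit  # permission bits set beyond the allowed maximum
            if extra:
                reason = "world-writable" if extra & stat.S_IWOTH else "looser than %o" % limit
                findings.append((os.path.relpath(path, root), oct(mode), reason))
    return sorted(findings)


def build_sample_site():
    """Constructed sample tree (not a real site) with two deliberate mistakes."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    modes = {"index.php": 0o666, "wp-config.php": 0o644, "wp-login.php": 0o644}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n")
        os.chmod(path, mode)
    for d in ("wp-content/uploads", "wp-content"):
        os.chmod(os.path.join(root, d), 0o755)
    return root


if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_site()):
        print(f"{mode:>6}  {rel}  ({reason})")
```

Point `audit_permissions` at your own WordPress directory to get the same report; it only reads permissions and changes nothing.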
SECURING YOUR WEB SERVER CONFIGURATION
"Doesn't my hosting company handle this?" clients ask. No! They want to make it as easy as possible for you to build your website and want as few support tickets as possible. Unfortunately this mix means they also leave your site’s server configuration in an open state that hackers love. You need to take responsibility and make a few changes to close these vulnerabilities. Here are a few rules we recommend you look into and add for your particular web server:
- Find out what web server you are using and learn about your web server's configuration files. Apache web servers use the .htaccess file, Nginx servers use nginx.conf, and Microsoft IIS servers use web.config. Most often found in the root web directory that you have access to (and the hackers do too, if they are not secured), these files are very powerful. They allow you to execute server rules, including directives that improve your website security.
- Prevent directory browsing: This prevents malicious users from viewing the contents of every directory on the website. Limiting the information available to attackers is always a useful security precaution. When cleaning sites we often see in the logs that hackers have been freely checking the website's wp-content/uploads directories, trawling for all sorts of files that the owners would not want them to have.
- Restrict PHP execution in directories that hold images or allow uploads.
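For Apache, the last two rules can be verified by reading the .htaccess files. This is an added example, not code from the original article: it assumes Apache with .htaccess overrides enabled, the function names are made up for illustration, and the sample file contents are constructed. `Options -Indexes` and a `<FilesMatch>` block with `Require all denied` are the standard Apache directives for these two rules; Nginx and IIS are not covered.

```python
import re

# Constructed sample .htaccess contents (not taken from any real site).
WEAK_ROOT = "Options +Indexes\n"
HARDENED_ROOT = "# site root\nOptions -Indexes\n"
HARDENED_UPLOADS = r"""
# wp-content/uploads/.htaccess
<FilesMatch "\.(php|phtml)$">
    Require all denied
</FilesMatch>
"""


def _directives(text):
    """Yield lowercased, whitespace-normalised directive lines, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield re.sub(r"\s+", " ", line).lower()


def listing_disabled(htaccess_text):
    """True if the last Options token that mentions Indexes switches it off."""
    state = None  # None means this file says nothing about Indexes
    for d in _directives(htaccess_text):
        if d.startswith("options "):
            for token in d.split()[1:]:
                if token == "-indexes":
                    state = True
                elif token in ("indexes", "+indexes"):
                    state = False
    return state is True


def php_blocked(htaccess_text):
    """True if a <Files>/<FilesMatch> block matching php contains a deny rule."""
    inside = False
    for d in _directives(htaccess_text):
        if re.match(r"<files(match)? .*php", d):
            inside = True
        elif d.startswith("</files"):
            inside = False
        elif inside and d in ("require all denied", "deny from all"):
            return True  # Apache 2.4 syntax or the older 2.2 syntax
    return False


if __name__ == "__main__":
    print("root listing disabled:", listing_disabled(HARDENED_ROOT))
    print("uploads PHP blocked:  ", php_blocked(HARDENED_UPLOADS))
```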
If you place your site behind our SharkGate – WordPress Protection the hackers then have to get through our ‘Hacker proof gateways’ to reach your site so this part of 'stop my website being hacked and blacklisted' is automatically handled for you by us. Nice hey!
DON'T FALL FOR THAT UNLIMITED HOSTING
Yes, we understand the temptation: it is cheaper on your pocket to choose the 'unlimited' hosting plan with your hosting company and put all your websites on a single server. Unfortunately this is like a candy store for the hackers. In terms of security it is a way to make your life a nightmare. As security experts would say, it 'creates a very large attack surface'. This basically means it offers hackers many more ways to break in to your sites. If the hacker can get into one of the sites, he can take over all of your sites on that same server.
For example, on an unlimited server package you might have placed 10 of your websites. Say there is one of those sites that you never really check or keep updated. The hacker can use this weakest link to break into that one site and gain full and complete access to take over your other 9 websites. With their tools they usually have a lot more access than you have with your WordPress admin console.
When we protect a site with our SharkGate WordPress Protection, we will recommend applying the same protection to all the sites you have on your server. This stops the hacker using any of your sites to infect the others.
THINKING YOU ARE PROTECTED BY DAILY WEBSITE SCANS
So many of the hacked sites that come to us have previously purchased a ‘daily website scan service’ from another company. The companies that sell these services are naughty in that they use a lot of marketing terms like “website security”, “stop my website being hacked and blacklisted” and “secure your site”, when actually these scanning services offer your site no protection from hackers. They just let you know if you have been hacked, and often they fail even at that. We’re sure you will agree it’s much better to stop hackers in the first place with SharkGate™, rather than just being promised a notification when you have been the victim of another hack and then going through all the hassle of getting it fixed again. We believe in doing the right thing for our customers.
BACKUP YOUR WEBSITE
Okay, this tip is not really a security one and maybe we should not add it to our '10 ways to stop my website being hacked and blacklisted' list, but we felt we had to, as if you don't use our services to stop my website being hacked and blacklisted then this is essential! Unless you are an up and coming security expert and can spare the time each day to keep your site fully watched, back up your site. This is even more important if you try to fix your website yourself when it is hacked. That could be your first time cleaning a website, which means a good chance of breaking it. Back up all the files of your website and do a full database backup. Store these files on a different server from your current website.
The best way to stop my website being hacked and blacklisted
LET US DO IT
The easiest and fastest way to answer the question ‘how do I stop my website being hacked and blacklisted?’ is to use our SharkGate – WordPress Protection. After that, sit back and relax whilst we do the hard work to stop my website being hacked and blacklisted. We automatically stop hackers from attacking your website. Imagine if your website was a nightclub; then SharkGate™ would be your friendly but firm doorman. He would welcome all those clubbers you want to let in and politely turn away those intent on causing mayhem – the sharks, as we call them. You do not need to install any software or change your hosting company, and our friendly engineers can activate it for your site in less than 5 minutes. They promise not to talk techie, unless you want them to!
We Can Help Save Your Business
BACK ONLINE IN 1 HOUR
SITE FIXED IN LESS THAN 1 HOUR
If we don’t fix a site in less than 1 hour then we do it for FREE! Luckily for us we are very good at fixing sites fast!
Here is An Example When One Of The Big Boys Out There Gets Hacked
Evernote, 2013: More than 50 million records compromised
In March 2013, users of the note-taking and archiving service Evernote learned that their email addresses, usernames and encrypted passwords had been exposed by a security breach. No financial data was stolen, and the company confirmed that none of the user-generated content on its servers had been compromised. However, as had been the case for those affected by Epsilon's 2011 breach, Evernote users who had their usernames and email addresses stolen were vulnerable to spam emails and phishing campaigns, some of which pretended to be password-reset emails coming from Evernote itself.