It’s scary, it’s violating, it’s confusing, and it never ever happens at a “convenient” time.
I’m here to tell you that I have survived being hacked, I rescued all my files, and I am now more secure than ever.
It’s not brain surgery, but it does require action and attention.
Ready? Here’s what to do…
Follow the easy steps below to either avoid or survive having your website get hacked:
1. Keep your site updated
This is BY FAR the easiest, fastest and cheapest way to stay protected. Ironically, it is the habit that many website owners neglect, only to be shocked and horrified when they actually do get hacked.
Pardon my direct language here, but I cannot urge you strongly enough to be empowered to manage your own online businesses, or to hire someone to do this website maintenance regularly if you can/will not. When no action is taken, and then you are hacked, you have lost the ability to be “shocked” when the consequences arrive at your doorstep.
Hacking is serious business, and it is undiscriminating.
I strongly recommend dedicating a minimum of one hour per week to your website. Make this hour a standing appointment with yourself. In this hour, log in to your WordPress admin dashboard and check for updates. This will take less than 5 minutes of your time (leaving the remaining 55 minutes for nurturing your online business… another story for another day).
Website plugins, operating systems, versions of spam filters, SEO applications, WordPress installs… these are constantly being updated by the developers. If you leave your website stagnant and out-of-date, it is as vulnerable as leaving your shiny new candy-apple-red sports car parked, unlocked with the keys in the ignition, on the unprotected streets of a bad neighborhood.
Not smart, not professional, and easy to fix.
2. Back Up Your Own Website Files
When you have your website working (looking and functioning as you wish), export a backup of your entire website onto a simple USB flash drive (these are cheap and can be purchased at any store that carries computer supplies, like Walmart, Rite Aid, Apple, or your local drugstore).
a. contact your hosting company
If tech “stuff” is new to you, call your hosting company and ask them to help create a backup for you that you export or download as a .ZIP file onto your desktop.
b. or, access your FTP (advanced)
If you are comfortable accessing your FTP from a text editor (I love Coda 2), drag a copy of your entire wp-content folder onto your desktop.
c. store on a drive
When you have your backup on your desktop, copy the entire thing onto a USB flash drive and put it in a very safe place. No, this won’t be accurate after you update content (or add new blog posts), but it will save you when you are hacked and all of your files are corrupted. If that happens, you can destroy all of your files knowing you have a clean backup to restore.
d. use your exporter tool to save content
In addition to backing up your website files, use your WordPress Export Tool to save your actual page and post content. From your WP Dashboard, go to Tools > Export > select All Content. This will save as a .ZIP file on your desktop, which you can add to your USB Drive as well, saving all posts, images, pages, projects, etc.
TIP: Even if your hosting company performs regular backups, you still want to do this step, as most hosting companies only copy up to 30 days before deleting older backups. If you don’t notice a corrupted file, and you wait longer than a month, your hosting company’s backups could be corrupted, too.
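One way to act on the tip above, as an added example that is not part of the original post: record a SHA-256 fingerprint of every file in the clean wp-content backup, then compare a later download of the live folder against it, so a changed or unexpected file gets noticed before the hosting company's backups rotate. The folder layout and file contents in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def compare(clean, current):
    """Return the files added, removed or changed since the clean backup."""
    shared = clean.keys() & current.keys()
    return {
        "added": sorted(current.keys() - clean.keys()),
        "removed": sorted(clean.keys() - current.keys()),
        "changed": sorted(p for p in shared if clean[p] != current[p]),
    }

def demo():
    """Constructed sample: a tiny USB backup versus a later copy of the live site."""
    files = {
        "themes/mytheme/functions.php": "<?php // theme setup\n",
        "plugins/contact/contact.php": "<?php // contact form\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp, "usb-backup", "wp-content")
        live = Path(tmp, "live", "wp-content")
        for base in (backup, live):
            for rel, body in files.items():
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Simulate changes nobody noticed on the live site.
        (live / "themes/mytheme/functions.php").write_text("<?php // theme setup\n// unexpected edit\n")
        (live / "uploads").mkdir()
        (live / "uploads/cache.php").write_text("<?php // file nobody remembers adding\n")
        return compare(build_manifest(backup), build_manifest(live))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8} {p}")
```

For a real site, call `build_manifest()` on the folder stored on the USB drive and on a fresh FTP download; files you changed on purpose (new uploads, updated plugins) will show up too, so review the list rather than treating every entry as a compromise.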
3. Regularly Change Passwords, & For Goodness Sake Avoid Your Pet’s Name
Unless your pet’s name happens to be &Yj3v0Pp3, it is not secure to use your pet’s name. They won’t be offended, and they’ll still know how much you love them. I promise.
Just like how after 9/11 we all had to adjust to more annoying travel habits, the days of assigning your Pet321! password to everything you own are over. Sorry. I feel the heavy eye-rolls (I’m doing them with you).
a. get a password organizer and use it
You need one that you can easily access, that is securely stored. I love 1Password. I promise you, after the initial process of setting this up and syncing, it has made my life SO MUCH EASIER. More than just passwords, 1Password tracks my logins, credentials, financial info, identities. It auto-fills every online form I come across with a click of a button. LOVE IT.
b. manage and update your passwords
Make it a habit to update your password organizer first thing whenever you make an update or addition. This is crucial, in order to keep this as a working system in your life.
c. use random passwords
When you have an organizer you can trust and easily access, it’s just not a big deal to use different, random passwords. Don’t try to memorize them all. Make sure to use a different password for your website than you use for your financial institutions, and yet another password for your social media accounts (including email). Avoid pet names, nicknames, birthdays, street addresses.
4. When You’ve Been Hacked, Use a Specialist
Investing in quality hosting or a 3rd party security service is an essential part of running your online business. This service can help you in emergency security breaches, and can make future hacking near-impossible. It’s worth the monthly cost, just like the health insurance you hope to never need.
I thought I was secure because I had an SSL Certificate and had signed up for the security features provided by my hosting company. When I was hacked, I discovered how very limited these services actually were. I changed my hosting to WP Engine, WordPress specialists who provide excellent security at no extra charge, as well as free SSL certificates. Security is not something they think is “extra”… just a thought.
More importantly – and what I especially want to impart to you, my dear reader – is that when I was in need of assistance, I was left to rely on the limited expertise of the customer service agents at my hosting company. These same agents who were trained in sales and basic troubleshooting were now charged with saving my entire website?
I don’t think so.
If you need a 3rd party security company, I continue to recommend SiteLock, which is a company that specializes in one thing: site security. You can talk to a real human being who will manage your case (if you’ve already been hacked), and can monitor it each month with the right attention to detail. And, they manage back-ups with the ability to restore a working version if needed. Note: they will try to upsell you horribly. Ignore this and stick to what you need done: fix your problem.
I’m not an affiliate and do not benefit from the referral… but I have used this company successfully in the past, and they have helped me.
The goal is to have an updated website with a solid back-up, an easy system of current passwords, and access to your own website security hero who can actually help you when you need him or her.
I realize the initial step into security may feel daunting and overwhelming, but you are a professional willing to take on the accountability for your online business, and the strength you will feel from pushing back at the hackers will feel AMAZING. And, I’m always here to help you.