Lately, I have noticed an increase in hacker activity on several of our clients sites. We have even had to do a few repair jobs after a hacker has gotten into a site. Some fixes are easy, most are not. All site security breaches can be very costly to your business, your reputation and to your revenue stream. With that in mind, I wanted to share some tips for improving your site security.
First Things First
1) Use a good, strong password. A password with a combination of uppercase and lowercase letters, numbers and special characters is a good way to go. Also, this is one of those cases where more is better. Studies show that a 5 character all lower or upper case password with letters only can be broken in 60 seconds or less. Adding upper and lower case letters increases this to 6 minutes and adding a number and upper and lower case to that raises it to 15 minutes. An 8 character upper and lower case password with numbers raises the time to about 7 years and a comparable 10 character password could take 26,984 years to break.
Also, don’t use a password that is a real word. If you want to remember a password then try using numbers to replace letters. For instance if you are a Dallas Cowboys fan and Tony Dorsett (#33) is your favorite all-time player try something like this: C0w80ys33. It has a capital letter C and the letter o has been replaced with the number 0 and the letter b has been replaced with the number 8. It is not hard to remember and is pretty strong.
2) Change your password. Now that we have talked about what makes a good password, let’s go a step further. Change your password once in a while, especially if you think your site has been compromised. As a matter of fact, do me a favor, and go change it now. I’ll wait.
3) Don’t share your password. Don’t tell it to co-workers and don’t let someone else login as you. All it takes is one angry employee or ex-employee to create a world of havoc.
4) Log OUT! When you are done, log yourself out. This is especially true on a shared or public computer.
5) Keep up to date. This is the reason for this notice. Always keep the scripts and documents on your site up to date. Hackers are always looking for security holes in the server and the scripts on them. The older the script, the more time hackers have had to find these holes and breach them. There are hacker groups who share this information with each other.
6) Back up often. No matter what type of site you run, it is a good idea to regularly make a back up copy of the site. On a shared server, which is where most sites are, hackers will break in and it may be because of your neighbor on the server. Servers also can crash or you just might want to move to a new web host or server. A good, clean backup is a great thing to have.
There are many other more involved techniques that can be implemented to secure your web site, but these basic steps will go a long way toward keeping you safe.