It’s an unfortunate reality that website hacking exists, but here are the best (and simple!) tips and tricks to follow to keep your data secure and your account free malware:
Keep your software and tools up to date.
No matter the application you decide to use, it is very important to make sure you’re keeping application software, plugins and themes up to date. In addition to fixing bugs, these upgrades usually come with security enhancements.
Make sure your tools are compatible with latest versions of software.
When working with new themes or plugins try to avoid choosing tools that say something along the lines of “…this [theme] has not been tested with the latest version of software” or “…this [plugin] hasn’t been updated in 3 years“. As a good rule of thumb, you’ll want to work with themes and plugins that have been updated in the last couple of months, have high ratings, and are continuing to improve.
Enforce strong passwords.
A good, strong password should 1) be hard to guess, 2) have at least 8 characters, and 3) include numbers, symbols, uppercase and lowercase letters. You’re also encouraged to change your passwords often. To keep track of passwords that are hard to remember, a password manager like 1Password works great!
Encrypt your sites using SSL Certificates.
Installing SSL Certificates on your websites are a sure fire way to make sure that your data is loading securely. Reference this guide on Installing SSL Certificates for more information.
Use tools to regularly monitor security vulnerabilities.
Your hosting account is on a server that is continually running scans and checking for malicious activity, but it sometimes can’t hurt to have your own scan running at the account level. There are plenty of third party tools out there, but if you’re working with WordPress then you may want to consider installing Wordfence Security.
Clean your hosting account regularly.
A common misconception about hacking is that malicious files can only penetrate the website that is currently infected. This is simply not true. Once a website is infiltrated, hackers can access any additional sites that are hosted in the same cPanel dashboard. Simply put: if the site exists, it needs to be kept up to date. If the site is not longer in use, you may want to consider archiving it or deleting it entirely. The same is true for plugins and themes– if they are not in use, they should be deleted (not just deactivated).
