Answers...

to commonly asked questions.

How can I protect my website from hackers?

How can I protect my website from hackers?
_________


Website security is one of the most important things to any business. More and more we are seeing sites being compromised by software that penetrates your files on the server on which your site lives. Bad code can be injected into your site's pages that result in your site disappearing from the web and replaced by someone else's garbage ads or even worse (adult sites in some cases). That can destroy your business within a day. First line of protection:

Get a secure certificate. You'll notice some sites you go to now say "not secure". What this means is that the site's owner has not yet purchases an SSL certificate that ensures information entered on that site is encrypted as it travels through the internet. You can tell if a site is secure by seeing the lock within the url bar. You can also tell by seeing https: instead of http: HTTPS stands for hyper text transfer protocol secure. Sites like Amazon, eBay, NYTimes, even my own site have taken the step to secure their site. Sites such as Charlotte Meck schools have not have not yet taken the step to secure theirs. If you don't see a lock on the site's url or your browser states the "site is not secure", best not to enter information into that site. Eventually browsers will refuse to load webpages that are not https.

Now, just because you are on a https site doesn't mean everything is safe. It is possible to be on a bad guy's site that he has secured. If you mistype a website's name, there are plenty of bad guys out there that have bought the misspelled name and are waiting for you to land there accidentally. They may have even invested a little to secure that site to make you feel more comfortable. Next thing you know, you think you are entering your information in amazon but your are accidentally giving amazan the information. You get the idea.

Next, sign up for a service that checks your site weekly for malicious code. There are several out there that are free and do a great job. I use sucuri.net which comes with my hosting service (godaddy). Here's a list of a few website based tools you can use to check your own site out for malware:

https://www.virustotal.com/
https://aw-snap.info/file-viewer/
https://sucuri.net/malware-detection-scanning/
https://sitecheck.sucuri.net/

Here's what a good report might look like:



If you find that your website has issues you'll want to fix them as fast as possible. A site that contains malicious code for very long will end up getting blacklisted by Google.
This image is a theme.plist hack