02-05-2023

Our WordPress-based web servers were hacked last week, and it was a harrowing experience. It took us three days to stabilize the situation. I learned the hard way that you need to make sure your website is secure and protected. Here are some tips from our experience that might help you keep your website safe.
Peter’s tips to improve your security
- Back up your systems regularly and make sure you can restore them. We had recently completed a recovery exercise, and this saved us from total disaster.
- Keep your plugins up-to-date, and remove or deactivate unnecessary plugins: Plugins can be a weak spot in your website’s security, especially if they’re out-of-date or unused. This will help minimize the attack surface of your website.
- Use secure admin passwords and different passwords for every system: Use strong, unique passwords for every system you use, and don’t use default names for admin accounts. This can help defeat brute-force attacks.
- Stay in contact with your previous sysadmins. Former sysadmins can be the best or only source of knowledge about older decisions and “how-does-this-really-work” questions.
- Use a security plug-in. It is somewhere between a smoke detector and a fire alarm. It will offer resistance to various forms of attack and can issue warnings if the system has been compromised.
- Ensure someone is receiving and reacting to notifications from the security plug-in! Unexpectedly changed files or a new admin user are a fire alarm!
Some good news: We were using the free version of iThemes Security. It recognized that something was amiss about a week before the system stopped functioning. If only we had reacted to the warnings, we could have intercepted the attack much earlier.
What if you are the user of a hacked system?
- The first thing you should do is change your password. In fact, we changed all our admin passwords as soon as we discovered the hack.
- If you’re using the same user ID and password to log in anywhere else, change that password everywhere and use a unique password for every system. Use a password generator and create long passwords, like 18 or 20 characters, with a mixture of upper and lower case letters and numbers or punctuation marks.
- Subscribe to Have I Been Pwned. This allows you to check whether your personal data has been compromised by data breaches. It can also notify you if your data shows up in the future.
I hope these tips are helpful to you. Stay safe!