How can I reduce my chances of being hacked?
The most effective approach to reducing your chances of getting hacked is to ensure your website and email accounts are secure. Start by following these simple best practices, which apply to all web platforms.
Strengthen All Passwords
Strengthening your password is the best way to stop hackers. The days of using “password” for your email or site password (don’t laugh, I’ve seen it) are long gone.
A strong password:
- is 8 characters or longer
- does not contain any dictionary words
- has upper and lowercase letters
- includes at least one number and one special character
Random passwords are best. You can use one of the many random password generators available online. If you have a cPanel account, a password generator is built in, and most password managers include one as well.
Don’t worry if it’s difficult to remember. Most browsers, email clients, and other programs will store your passwords for you. There are also several password manager options available.
You can even go a step further and use two-factor authentication (2FA) for your applications. While not all services support 2FA, the list of those that don’t gets smaller every day.
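The four rules listed above, together with the advice to use a random generator, can be turned into a small policy check and a CSPRNG-backed generator. This is an added example and not code from the original article or from cPanel; the word list and the special-character set are constructed for illustration, and the dictionary check is a simple substring match (a real deployment would load a full word list).

```python
import secrets
import string

# Constructed word list standing in for a real dictionary (assumption: in
# practice you would load a full word list, e.g. /usr/share/dict/words).
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}

# Constructed set of characters treated as "special" for this example.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"


def check_password(pw: str) -> list[str]:
    """Return the list of policy rules the password fails (empty = passes).

    Rules are the four from the article: length >= 8, no dictionary words,
    mixed case, at least one digit and one special character.
    """
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    lowered = pw.lower()
    if any(word in lowered for word in DICTIONARY_WORDS):
        failures.append("contains a dictionary word")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("needs both upper and lowercase letters")
    if not any(c.isdigit() for c in pw):
        failures.append("needs at least one number")
    if not any(c in SPECIALS for c in pw):
        failures.append("needs at least one special character")
    return failures


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies check_password.

    Uses the secrets module (a CSPRNG), never random.random. One character
    from each required class is drawn first so the policy is always met,
    then the rest is filled from the full alphabet and shuffled.
    """
    if length < 8:
        raise ValueError("length must be at least 8")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
    alphabet = "".join(classes)
    while True:
        chars = [secrets.choice(cls) for cls in classes]
        chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
        # SystemRandom is the CSPRNG-backed shuffle from the same os.urandom source
        secrets.SystemRandom().shuffle(chars)
        pw = "".join(chars)
        # Retry in the rare case a dictionary word appears by chance
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ["password1", "Summer2024!", "xK9#pLm2qR"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    print("generated:", generate_password())
```

The generator draws one character from each required class before filling the rest, so it never has to loop more than a handful of times; the `while True` only guards against a dictionary word appearing by chance.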
Never Reuse Passwords
It seems that everything needs a password these days. Emails, bank accounts, social media… It can be difficult to remember all of these passwords. To make things easier, you can use the same password for all of your accounts, right?
WRONG!
This can be disastrous. Most accounts use your email address and password for authentication. If you use the same email and password everywhere, then as soon as even one account is compromised (perhaps one with weaker security, like a newsletter), all of your accounts are compromised. Your bank will have several layers of security to protect your information from being stolen. That bird-watching blog that you visit most likely does not.
Hackers are aware that most people use the same password for multiple accounts. So, if your Facebook account gets compromised, the next thing the hackers do is try to log in to your email account. If successful, they now have access to all your accounts that use that email as a username. Even if your other accounts use a different password, they can potentially use the password reset on the login page to gain access, because the reset link is sent to the email account they now control.
As mentioned above, the best method for protecting your accounts is to use a different, randomly generated password for each account, and then manage them with a secure password manager. But if you do decide to use the same password for all accounts, at least use a different password for your email address. While this is still not very secure, it will lessen your exposure.
Add an Email Filter
Most account “hacks” are caused by phishing emails and spam. While your email account has a spam filter installed by default, you can also use an external email filter to help filter out unwanted spam and phishing emails.
One of the most effective and affordable solutions is Email Defense, found in your client area, which provides an advanced spam filter plus virus protection. It helps keep your accounts secure by blocking spam and quarantining potentially dangerous emails.
SSL Certificates
You can purchase an SSL certificate from your client area to help protect sensitive customer data on your site. When you purchase and install an SSL certificate, your site will change from HTTP to HTTPS (the “S” is for “Secure”). Your customers will instantly recognize that their information is protected, which can lead to increased traffic to your site. Additionally, Google is placing increasing emphasis on whether a site has an SSL certificate installed, so strengthening security with SSL encryption will also boost your search rankings.
Look Out for Phishing Emails
One of the largest and most common security issues is phishing email attacks. With so many now working from home and relying on emails more than ever, phishing email attacks have escalated significantly.
Phishing is named as such because it resembles actual fishing: the phisher will throw out a hook (email) and hope someone takes the bait.
One of the most common phishing email attacks takes the form of a fake email from a legitimate business. You will receive an email that appears to be from your bank, for example. The email will “inform” you that there is some sort of issue with your account that requires you to log in to it, and will provide you with a link.
However, the link does not take you to your bank’s website. It takes you to a hacked website that is made to mimic your bank’s website. When you enter your account information, instead of logging you into your account, the site records your account information and sends it to the hacker. The hacker now has access to your real account.
And not just bank accounts. We have seen phishing emails that mimic several different accounts, including those from streaming sites, online stores, email providers, and service providers. If you receive any unexpected emails from a business with which you have an account, approach them with caution.
So how do I know if an email is legit or not? Well, there are a few telltale signs. The biggest red flag is the presence of spelling and grammar errors in the email. Also, look for missing or odd-looking images in the email formatting. Most legitimate businesses spend a lot of money on branding and would never send out automated emails with spelling mistakes (well, maybe not always). A poorly formatted email with missing images, poor grammar, and typos is a sure sign that the email is not legitimate.
Another thing to check is the actual target of the link. If you are using a web-based email client (Webmail), you can hover your mouse over the link. You should now see a box in the lower left corner of your screen that shows the actual target of the link.
If the address in this box does not start with https:// or is anything other than the domain from which the email originated, then you should not trust it.
If you are using a mail client, such as Apple Mail or Outlook, you will typically see the target of the link in the tooltip that appears when you hover over the link. You can also right-click the link and see the target.
When in doubt, never use a login link provided via email. Go directly to the website and log in from there.
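The two checks described above (does the real target start with https://, and does it belong to the sender's domain) can be applied to every link in a message automatically rather than by hovering. The following is an added example, not code from the original article; the sample message, sender address and link hosts are constructed placeholders. It goes slightly beyond the text in one respect: it treats a subdomain of the sender's domain as acceptable, which is an assumption made here for convenience.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email); the sender domain
# and link hosts are placeholders chosen for illustration.
SAMPLE_EMAIL = """\
From: Example Bank <alerts@examplebank.example>
To: customer@example.net
Subject: Action required on your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://examplebank-login.example/verify">log in here</a>
to confirm your details.</p>
<p>Or visit <a href="https://examplebank.example/help">https://examplebank.example/help</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def sender_domain(msg) -> str:
    """Domain of the From: header, lowercased (e.g. 'examplebank.example')."""
    addr = email.utils.parseaddr(msg["From"])[1]
    return addr.rsplit("@", 1)[-1].lower()


def same_site(host: str, domain: str) -> bool:
    """True if host is the sender domain or a subdomain of it (assumption)."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(raw: str) -> list[dict]:
    """Apply the article's two checks to every link in an HTML email.

    A link is flagged if its target is not https, or if the target host is
    not the sender's domain (or a subdomain of it). The visible text is
    kept so a reviewer can see what the reader would have been shown.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    domain = sender_domain(msg)
    body = msg.get_body(preferencelist=("html",)).get_content()
    parser = LinkCollector()
    parser.feed(body)
    findings = []
    for text, href in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        reasons = []
        if url.scheme != "https":
            reasons.append("not https")
        if not same_site(host, domain):
            reasons.append(f"target host {host!r} is not {domain!r}")
        if reasons:
            findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(f"{finding['text']!r} -> {finding['href']}: {', '.join(finding['reasons'])}")
```

Note that the From: header itself can be forged, so a link that passes both checks is not proof the message is genuine; the checks only catch the common case the article describes, where the link target gives the game away. The advice at the end of the section still applies: go to the site directly rather than through the emailed link.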
Keep WordPress Updated
WordPress is easily the most popular website platform today, largely due to its user-friendly design, which is complemented by numerous plugins and themes. In fact, our website was built with WordPress. However, due to its popularity, it is also a significant target for hacker attacks. Fortunately, there are several simple steps you can take to enhance your site's protection.
- Keeping WordPress plugins and themes updated with the latest version is the single most effective defense against hackers.
- Limit login attempts to prevent hackers from gaining access to your site through brute-force attacks. The Loginizer plugin is great for this.
- Only install and use plugins and themes that you have researched to ensure that they are safe. The wordpress.org blogs can help with this.
- Install all-in-one security plugins to handle many security tasks for you. We recommend Wordfence as it is one of the best. You can install and use it for free, and there are advanced features you can pay for.
The main thing to remember with WordPress is that it is not a “once and done” platform. If you do not stay up to date with your WordPress installation, plugins, and themes, it will eventually become compromised.
Most WordPress hacks are caused by vulnerabilities exploited in plugins and themes, so keeping those updated is vital. You also want to watch for any news regarding your current plugins or themes, as there have been incidents where an older plugin was bought by a new developer who then inserted scripts that introduced vulnerabilities into the sites using it.
The main takeaway here is that if you are using WordPress for your website, you will need to monitor it frequently for updates and potential threats.