When it comes to hacked sites, most developers consider this a bittersweet situation. You never hope your client’s website is hacked, but if it is, there is no better rush than when you fix it and defeat them! As for me, I get the same high when I fix bad code and make the site look better and work better, and I also try to do my fair share of making the Internet as a whole work better.
There are a few things you can do to help stop hackers.
#1 Make regular backups of your site, regardless of the platform you are using. NOT JUST DATA. A full backup needs to be done before you add, change, or update any plugin, update API connections, or mess with any kind of coding that you “think” you understand. Backup, Backup, Backup. Even if you have to pay for a plugin that has a good “restore” and/or “migration” feature, it is worth it.
#2 Know who you are hiring to do code fixes. There are many who charge an arm and a leg for such fixes; going cheaper isn’t always bad. Check them out online… Google is your best friend, and don’t just check the first few links. LinkedIn is a GREAT place to get additional info.
#3 Access should be monitored. Some clients, who had been told that it would cost them more each month to set up webmaster access, thought their only recourse was to give me their password and account login. BE SAFE! If you HAVE to do this: change your password to something simple, then make certain you know when the person doing the work is done, and once it all works/looks right… change your password back to what is familiar to you.
#4 Limit FTP accounts to your website. FTP accounts make it easy for folks to access, update, change, fix, etc. your site without needing the login name or password. But these connections access your site as if they did! If you no longer do business with someone, you need to delete their FTP access to your hosting account folder! There are crooks out there who buy such info, or sometimes even come upon it serendipitously.
#5 Don’t send passwords in emails. I will admit there have even been times when my clients (usually for emergency reasons) sent passwords to me via email. Such correspondence is always digitally shredded and deleted, and I strongly request clients shred their “sent” files too. It is never a good idea to have “password” and the actual password in the same email. And even though this may be a bit paranoid, splitting up your password across two emails does add another layer of security. The other way to stop this is to call and tell the person the necessary info. There are times clients have had to set up accounts that I needed to access to tweak photos or videos or other coding to make it look and work like they wanted. So they created a password, and with my blessing changed it to another complicated one once I was done.
Above are the sites I have had the privilege to fix using HTML, CSS, and PHP coding. One was hacked (seen right in the 3 stages: hacked, un-hacked, fixed!) and all that registered was a blank page with the hacker’s name. It seems this guy was doing it with many WordPress.com sites, and once the bad coding was eradicated, sidebars needed to be remade. The hack happened a second time, but without access to the host site I couldn’t discover how he/she was getting in. The noise on the Internet said that they thought it was from old FTP accounts. (Yes, I have blurred certain parts of the photo for obvious reasons.) Then there are 3 sites that were migrated incorrectly by someone else. One site took 6 months to fully complete, with dozens of missing pages. If you are migrating your website from ANY platform, please consider my Documentation package.
So be smart, careful and methodical in keeping your site safe.
Contact me for budget friendly help with your website or web presence: Management, Maintenance, or Marketing.