5 Ways To Prevent Cyber Attacks On Your Website (& What To Do If It Happens)


So, your website security has been breached? We know it’s hard, but don’t panic! 


We’ve put together a list of ways to prevent your website from being breached, as well as what to do if it happens.

Let’s start with prevention – the best option when it comes to protecting your site from invasion! Below are 5 ways to protect your website and prevent it from being susceptible to cyber threats.

1. Choose a capable host & web developer (that’s us!) 

Having a good relationship with a provider that offers experienced, supportive tech support makes all the difference when it comes to cyber security.

Your provider can ensure your website’s safety through the development of your site, while also educating you on how to best care for your site moving forward. They may even have ongoing care packages where they take on the task of security themselves – we do!

2. Back up your website 

If we’re your Mildura web design team, you can rest assured your site is backed up on a regular basis. While we hope we never need to use it, having a backup provides us with a safety net should your site be compromised.

If you manage your own backups, here are some tips to make sure you’re nailing it:

  • Ensure backups are off-site. We don’t want them stored in the same location as the site, leaving them vulnerable to attacks.
  • Make your backups automatic. Using a backup solution that transfers them to a hard drive or remote server means your backup is always up-to-date and never postponed when you’re too busy with other tasks.
  • Make sure your backup solution provides an option for restoration at multiple points in time, just in case your site has been compromised for a little while before you’re made aware of the threat and your most recent backup is in the same boat.
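
To show why multiple restore points matter, here is an added example (not code from this article or from any backup product) that keeps a set of restore points and picks the newest one taken before a compromise. The retention policy (7 daily and 8 weekly copies), the function names and all dates are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

def select_backups_to_keep(backup_times, now, daily_days=7, weekly_weeks=8):
    """Keep the newest backup per day for the last `daily_days` days, then
    the newest per ISO week back to `weekly_weeks` weeks (assumed policy)."""
    keep = {}
    for ts in sorted(backup_times):
        age = now - ts
        if age < timedelta(0) or age > timedelta(weeks=weekly_weeks):
            continue  # ignore future-dated or expired backups
        if age <= timedelta(days=daily_days):
            bucket = ("day", ts.date())
        else:
            iso_year, iso_week, _ = ts.isocalendar()
            bucket = ("week", iso_year, iso_week)
        keep[bucket] = ts  # sorted input: the newest in each bucket wins
    return sorted(keep.values())

def last_clean_backup(kept, compromise_time):
    """Newest retained backup taken before the estimated compromise."""
    earlier = [ts for ts in kept if ts < compromise_time]
    return max(earlier) if earlier else None

# Constructed sample: one backup every night at 02:00 for June 2022.
NOW = datetime(2022, 6, 30, 12, 0)
NIGHTLY = [datetime(2022, 6, day, 2, 0) for day in range(1, 31)]
# Assumed for the example: log review suggests the break-in was on 21 June.
COMPROMISED_AT = datetime(2022, 6, 21, 9, 0)

if __name__ == "__main__":
    kept = select_backups_to_keep(NIGHTLY, NOW)
    print("restore points kept:", [ts.strftime("%d %b") for ts in kept])
    print("restore from:", last_clean_backup(kept, COMPROMISED_AT))
    # A "latest copy only" scheme has nothing clean to offer:
    print("latest-only:", last_clean_backup([max(NIGHTLY)], COMPROMISED_AT))
```

With these sample dates the newest backup is already infected, and the restore has to come from a weekly copy taken before the break-in.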

3. Limit & control access to the backend of your site

Limiting the number of users with access to the backend of your site, and the type of access each one has, limits the number of possible vulnerabilities your platform has.

Ensure that admin permissions are only granted when absolutely necessary, keep an eye on activity logs for any abnormal activity, remove users who are no longer necessary, and enforce a strong password policy for all users with access. Fido123 just doesn’t cut it for security in 2022!

4. Keep your software up-to-date and never use ‘nulled’ or ‘hacked’ software

Keeping your website’s software up-to-date means it’s functioning at its best, and any potential software security threats have been identified and fixed. 

You also want to make sure that any plugins you’re using (including security plugins) are updated regularly on the developer’s side of things, showing they are proactive in threat management and ensuring optimum functionality. 

‘Nulled’ or ‘hacked’ software refers to themes and plugins that have been pirated and are not purchased from a trustworthy seller, leaving them open to vulnerabilities. Purchasing from trusted developers reduces potential software threats. You will want to ensure you have also disabled any software you are no longer using.

5. Take advantage of security software such as installing an SSL on your site, or setting up a firewall

SSL stands for Secure Sockets Layer, a protocol designed to encrypt and authenticate the data sent between an application (your browser) and a web server. Including an SSL certificate in your website security plan comes with the added bonus of getting in Google’s good graces, as they frequently push for more widespread use of SSL.

Not sure if your site has SSL? If it does, your website address will start with https:// rather than http://.

You can create a Firewall for your website by using a service like Cloudflare, or by using a security plugin. 


If they managed to get through – don’t panic! 

If we’re hosting your site, our Mildura web design team take regular backups seriously, so we’ll have a backup of your site ready to go and can work with you to get your site back up and running as soon as possible! If we’re not hosting your site, we can still help. Give us a call as soon as you can to discuss our malware removal service options.

If you’re managing your own website security and you would like to attempt recovery yourself, below are 5 easy-to-follow steps on what you can do next:

1. Put your site in maintenance mode

The first thing we want to do is keep visitors away from your site while it’s in a compromised state. We don’t want your valuable clients left open to threats, and we also want to keep the ‘fix phase’ out of sight if we can help it.

You can use a plugin such as ‘Coming Soon’ or ‘Maintenance Mode’ to do this, however if you are currently unable to login to your WordPress site, you will have to return to this step at a later time.  

2. Reset passwords & user privileges 

This probably sounds like a no-brainer, but every user that you wish to maintain access to your site will need to have their passwords updated (secure options only! Sorry, Fido123). This includes passwords to any associated software, such as your database, CRM and hosting provider.

It’s also time to clean house, remove any unknown and unnecessary users, and ensure everyone’s permissions are correct.

3. Get cleaning (your sitemap, files, and database)

To remove any unwanted files, you can install a security plugin or use a security service. You will also need to clean out your sitemap.xml file and ensure there are no suspicious links or characters. You can generate your map using an SEO plugin, and you will need to submit your cleaned map to Google using the Google Search Console, and request to have your site ‘crawled’ (checked) – this can sometimes take a couple of weeks but is worth the wait!

If your database has also been compromised, you will unfortunately have to add this to the list! You can use a security plugin designed to scan your database and flag any suspicious activity.
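
The sitemap check described in step 3 can be scripted. This is an added example, not part of the original article or of any plugin: it lists sitemap.xml entries that deserve a manual look. The sample sitemap is constructed, example.com stands in for your own domain, and the four heuristics are assumptions about what counts as suspicious.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"

# Constructed sample sitemap; example.com stands in for your own domain.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://www.example.com/</loc></url>
  <url><loc>https://www.example.com/services/web-design/</loc></url>
  <url><loc>https://pills.example.net/cheap-offer</loc></url>
  <url><loc>http://www.example.com/contact/</loc></url>
  <url><loc>https://www.example.com/%E5%81%BD%E7%89%A9/</loc></url>
  <url><loc>https://www.example.com/blog/?p=1&amp;ref=&lt;script&gt;</loc></url>
</urlset>"""

def audit_sitemap(xml_text, allowed_hosts):
    """Return (url, reasons) pairs for entries that need a manual look."""
    findings = []
    # The stdlib parser is fine for a file from your own server; the
    # defusedxml package is the safer choice for XML you do not trust.
    root = ET.fromstring(xml_text)
    for loc in root.iter(SITEMAP_NS + "loc"):
        url = (loc.text or "").strip()
        parts = urlsplit(url)
        reasons = []
        if parts.hostname not in allowed_hosts:
            reasons.append("foreign host")
        if parts.scheme != "https":
            reasons.append("not https")
        # Raw or percent-encoded bytes outside ASCII (e.g. injected spam pages).
        if not url.isascii() or re.search(r"%[89A-Fa-f][0-9A-Fa-f]", url):
            reasons.append("non-ASCII characters")
        # Characters that should never appear unencoded in a URL.
        if re.search(r'[<>"{}|\\^`\s]', url):
            reasons.append("unsafe characters")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in audit_sitemap(SAMPLE_SITEMAP, {"www.example.com"}):
        print(f"{url}  <-  {', '.join(reasons)}")
```

A flagged entry is a prompt to look, not proof of compromise: a site that legitimately publishes non-English URLs will trip the non-ASCII check.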

4. Update plugins and themes (and reinstall where required)

As with ongoing website security, ensuring your software is up-to-date is a crucial step in the recovery process. You can achieve this by going to Dashboard > Updates in your WordPress site, and following the steps outlined.

If you find you are still having problems with your site after cleaning out your files and sitemap, you may need to reinstall plugins and themes. You can do this by deactivating and deleting them from your Themes and Plugins pages, and then reinstalling them (making sure you use Maintenance Mode first if you haven’t already).

5. Reinstall WordPress

If you’ve tried all of the above and found yourself unsuccessful, short of calling our Mildura digital marketing agency, you can reinstall WordPress itself. Make sure you take another backup before doing this – just in case! You don’t want to use an auto-installer when doing this as it can overwrite your database, so it’s best to use SFTP to upload the files only.

We know that having your website hacked is a painful, lengthy and often expensive experience, so we hope these tips have been helpful. 

If you find yourself concerned about the security of your website, or would like more information about our one-off security audit or ongoing website security package options, reach out to the Mildura web design team at Rock Solid Marketing. We’ve got your back with a Rock-Solid cyber security plan!
