HACKED! 6 Ways to Help Protect Your Website [Cybersecurity]

One afternoon, some time ago, I sat down to Google my websites, as everyone should from time to time to keep an eye on rankings. Much to my surprise, I see my listing on Google reads:  “This site may be hacked.”

My jaw hit the floor. WHAT?

Illustration of hacked site notification on Google listings

Yep, I was hacked. it happened to me and It can happen to the best of us.  Why would someone want to hack my website? I do not collect any data or do any financial transactions? 

HTML code on computer screen

After much poking, prodding, and phone calls to my website hosting company, I found that my hosting servers and my accounts were not hacked. They were secure. My site content was hacked. A hacker injected code into the content that rerouted some of my website links to pornographic content. Nice, huh?. Oh, so this is why they wanted to hack the site. 

Many hours later, I was able to locate and remove the malicious code. I then had to install new website security. Then I had to re-register my site with Google and prove it was now secure. It took about two weeks before that horrible message was removed from my Google listing. 

So what happened? How was my content hacked?

To put it in simple terms, when you click a link or go to a domain (web address), the request travels from the client (your computer) to the Web server. The Web server grabs the requested information from the host (where the website lives) and returns that information to your web browser. If this transaction happens in an unsecure/unencrypted setting, hackers can intercept the request or data while it is being transferred. If that data is intercepted, the hacker can plant malicious software, grab credentials, or perform some really atrocious acts.

There are many...many more ways this can happen however this is what happened to me. Websites contain an enormous amount of moving parts and ecosystems. 

 

How can I tell if a website is safe?

Have you ever noticed that some websites have a little lock or an exclamation mark shown in the browser’s address bar? Some browsers may even show website addresses as green or red. What is this all about?  Cyber security and potential threat.  

Illustration of web address in web browser address bar showing the lock symbol

With malicious virus attacks coming from everywhere, all the time, it is important to make sure your website is safe and secure - for you, your employees, customers, and brand. People tend not to browse websites that have been marked unsafe by the web browser or a search engine. They tend to view the company as less trustworthy because they can’t trust the website, which is a very poor reflection on your brand. And certainly, you don’t want to lose the trust of your clients!  The good news is, there are some steps you can take to minimize your risks. 

What’s the first step?

First, you need to know what it means to make your website secure. This is done with a SSL Certificate. SSL, or Secure Sockets Layer, is used to create secure handshake for  encrypted data traveling a network from your computer to the Web server and back. 

To get an SSL certificate, you must go through an industry standard, trusted, third-party organization, such as CAcert, Let’s Encrypt, or Verisign.  Once the SSL certificate is installed, your website will feature an image of a lock, or show your web address as green, and HTTPS in the address. Now browsers and search engines will mark your website as secure.

 

What does HTTP and HTTPS even mean? 

Illustration of lock symbol and HTTPS web address in browser

HTTP stands for HyperText Transfer Protocol. As taken from Webopedia, “HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.” 

The extension of HTTP, which is HTTPS or Hypertext Transfer Protocol Secure is used for secure network data travel. 

Why is this important? Websites, especially those that process financial transactions or personal identification information need to guarantee they are secure from outside attacks while transmitting data across networks. Since 2018, more websites rely on HTTPS to provide peace of mind that their site is secure and not an imposter site. Keep in mind, hackers and phishers hold huge hats full of digital tricks to try and steal identity, money, access, and credentials.

In July 2019, browsers, such as Chrome, began marking sites as Not Secure if they do not use HTTPS.  So, if your company website accepts any kind of data, financial, personally identifiable, or otherwise, HTTPS is absolutely necessary

 

Here are 6 ways to to beef up website security.

While there are many more security measures that can be taken, the following recommendations will definitely help reduce security risks. 

Illustration of user making online purchase with a credit card
  1. Check with your current website hosting provider for SSL certificates.  Sometimes, depending on your provider, this is offered at no cost. If not, purchase your security certificate and have your IT professional or a hired professional install it. (This is not something you should undertake unless you are a professional.)

  2. Watch where and how you go online. Pay special attention to the Web address in the browser and how it appears. Also, only surf on password protected networks. Open networks tend to draw a lot of hacking traffic. You will get into the habit over time.

  3. Regularly change your passwords. Never share your passwords. And do not ever email passwords if they must be shared. Do not use passwords that are easy to guess.

  4. Apply website software and systems updates as soon as you receive them. Many times, hackers are looking for an outdated plugin in Wordpress or a backdoor in outdated software. 

  5. Use only trusted and supported software. Of course, everyone wants software for free however that is not always a good decision. Apps integrated into your website such as plugins, calendars, and forms should be supported and updated regularly. This usually comes at a cost.

  6. Do not drop the ball. Put a regular website checkup routine in place. 


 

– Chasadee and PJ

Chasadee has 20+ years experience in web administration, digital communications, technical and creative writing, and marketing.

PJ has 20+ years experience designing for large corporate sites to small businesses and is a professor of Web Design and Information Technologies.

Need help with your website? Let’s talk.

Keep up with industry trends, tips, tricks, and creative design for contemporary culture. Subscribe Today.

Patrick Baxter