Hacks on smaller websites are mainly attacks of opportunity. Attackers don’t target you personally; it’s more a matter of coincidence. And smaller websites are often more vulnerable due to out-of-date software, poor-quality plugins, insecure passwords, misconfiguration, and/or bad hosting. You may not be a hacker’s end target – your hacked website may facilitate accessing other computer systems and people – such as your website visitors.
OK, so what can you do to protect your website!?
Internet security is a fast-moving challenge with new threats found almost every week. Google blacklists close to 10,000 websites a week for malware and flags over 20,000 for phishing. Make sure you’re not one of them. With PEAK Website Security you’re prepared to repel the threat.
It’s impossible to reduce your risk to zero, but you can drastically reduce it by taking appropriate precautions.
Creating full website backups on a regular basis is cheap insurance in case a serious problem does affect your website. Many times when disaster strikes it’s easier to restore it from a working backup copy than attempting to find and fix the problem. A backup can be restored in under 30 minutes and you are back online. Cleaning a hacked website may take many, many hours – even days.
PEAK Website Security uses the industry-leading Akeeba Backup Pro extension to schedule backups at regular intervals. It all happens automatically behind the scenes with no manual effort required. How often you back up depends on how frequently your website changes. E-commerce websites with frequent orders should be backed up more often than websites with infrequent content revisions or additions.
We don’t store backups on your website’s server. If something unexpected happens to your website, files are deleted or the server goes down, you will have lost your backups as well. Instead, as part of the automated backup process, the backup archive is transferred off your server to a cloud storage service such as Dropbox or Amazon S3 for safekeeping.
A bad host can ruin even a properly configured and maintained website. Bargain-basement priced hosting services are cheap for a reason. Shared hosting plans may not have ample protection to prevent cross-site contamination. An infected website on your shared server may infect your website. Paying more for quality hosting will actually save you money in the long run.
Sparks Arts provides cloud hosting by SiteGround, one of the premier hosting companies in the world with best-in-class security, speed and support. With a customer rating of 4.98 out of 5, SiteGround can’t be beat!
Permissions determine who can do what to your files, things like read, write and execute. You don’t want to allow everyone in the world to access and modify your website files!
With PEAK Website Security, we set permissions correctly and make sure they stay that way.
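A permissions audit of the kind described above can be scripted and run on a schedule. This is an added example, not part of PEAK Website Security or any Akeeba tool; the 755/644 baseline for directories and files and the function names are assumptions, not values stated on this page.

```shell
#!/bin/sh
# Added example: audit a website document root for risky permissions.
# Assumed baseline (not stated on the page): directories 755, files 644.

# List files and directories that any account on the server can modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List entries whose mode differs from the assumed baseline.
off_baseline() {
    find "$1" \( -type d ! -perm 0755 -o -type f ! -perm 0644 \) -print
}

# Reset every directory and file under the root to the baseline.
enforce_baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Print a short report; return non-zero if anything is world-writable,
# so a cron job or monitoring check can alert on drift.
audit() {
    ww=$(world_writable "$1")
    drift=$(off_baseline "$1")
    if [ -n "$drift" ]; then
        echo "Entries off baseline:"
        echo "$drift"
    fi
    if [ -n "$ww" ]; then
        echo "World-writable entries:"
        echo "$ww"
        return 1
    fi
    return 0
}

# Run the audit only when a document root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Run it read-only first (`audit /path/to/site`) and review the list before calling `enforce_baseline`, since some hosts need different modes for cache or upload directories.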
Without https, any information sent between your computer and the internet is plain text and could be intercepted and read, including your login username and password. That would sure make it easy for a hacker to take over your website.
Using an SSL certificate forces a secure connection that encrypts all data transferred so that it cannot be read in transit. With an SSL certificate your website address begins with https://. Most modern browsers now clearly indicate such a site is SECURE.
Websites hosted by Sparks Arts automatically get a free SSL certificate from Let’s Encrypt. Paid certificates with more features are available if needed (for example, if your e-commerce website accepts credit card payments on-site).
SEF URLs hide your website’s structural information and prevent hackers from knowing what software you’re using.
With SEF URLs the address of this page looks like this:
Without SEF URLs the address looks like this:
SEF URLs make sense to both humans and search engines because they explain the path to the particular page they point to. You can make sense of the address and understand the page’s context. But you have no indication of what software is creating the page, and that’s good.
Brute Force Attacks are one of the most common attacks that affect every website. With Brute Force Attacks, an automated bot attempts to log in to your website by using common usernames and passwords. Since this is done by computer scripts, it can check thousands of combinations in no time.
PEAK Website Security avoids vulnerability to this type of attack by following these best-practice rules:
Passwords such as “123456” are the first thing hacker bots would try and would be hacked in seconds! A 12-character password like E8f*Ne4^KZE3 would take about 400 years to bruteforce on an average home computer. Increasing the password to 15 characters ( v9%3AMfVc7dRPPu ) increases bruteforce hack time to 3,261 centuries!
Numerous login accounts increase your security risk because they increase the chances for brute force password guessing. We create only one Super User with full login access to website configuration. Additional backend Administrators with limited access capabilities are safe when limited in number.
In addition, unless you need your website visitors to be able to create login accounts (such as for e-commerce, or to show certain content only to members), we’ll disable new user registration.
PEAK Website Security utilizes another top-rated, feature-rich extension from Akeeba, Admin Tools Pro.
Admin Tools includes a web application firewall to protect your site against the vast majority of common attacks.
For even more protection and monitoring, you may opt for cloud-based firewall protection from:
Restricting access to your website’s admin area will greatly improve security. Adding an extra login password that’s required to even get to your backend login form will make it much more difficult for hackers, especially for brute force attacks that attempt to gain administrator control of your site.
Sparks Arts has been building and maintaining Joomla! websites for over 10 years. We are part of the great, helpful community that makes Joomla! so awesome. And this experience has taught us what can be trusted.
We make sure the extensions and templates used on your website have no known vulnerabilities, and ensure they are actively maintained and fully supported by their developers. Most are extensions we’ve used before, use now and are very familiar with.
Frequently on existing websites (that we didn’t build) we find extensions that were installed long ago and never deleted, even though the owner decided not to use them. They are now way out-of-date, making the website vulnerable to attack even though the offending extension isn’t used.
We review everything installed on your website, whether we built it or not. If it’s not used or unnecessary we delete it. We keep your website lean, using only the minimum of what’s truly needed.
More than any other reason, websites get hacked because the software running them is out-of-date. With PEAK Website Security, we make sure your website software is up-to-date with the most current released versions.