Monday, 2 February 2009

Do You Back Up? How to Hack Proof Your Site.

How often do you drive your car in reverse?

Kidding. I’m talking about your website. On Christmas Eve I was greeted with a phone call from one of the partners telling me one of our more popular sites got hacked. Sure enough, I visited the site and was greeted with a Windows Explorer-style menu system that let any visitor to the domain browse our server hierarchy, upload and download, delete, and rename files.

After about an hour I was able to spot an edit that had been made in our database that was causing the issues. Luckily, everything on all our sites/servers is backed up every single day so restoring was a snap. I took the time to do a few other helpful fixes, and we were back up and running. My best advice for hack proofing your site is this:
back up regularly.

Not exactly tackling the problem head on, but in my experience a good backup system can prevent excess downtime, give you the time to fix exploits (which are usually well documented, robotic hacks that aren’t that difficult to fix) and get you back on your way. No system is completely hack proof. Look at SSL, which just last week was totally cracked. It’s best to do what you can up front, but I’d divert more resources into creating a solid backup system over a million security products any day. For more proof, check out how this six-year-old web company was wiped out this week by a disgruntled employee. A security plan and backup routine can make a world of difference in your long-term success.

Some helpful tips for WordPress-powered sites:
rename your tables to start with a prefix other than wp_ (update in your wp-config.php)
change your admin username to something unique
log traffic and block suspicious IPs
don’t leave files writable unless you’re working with them
consider this plugin for extra security help

Hope everyone had a great holiday season! We have some exciting things planned for the coming year.
