As a website owner, some of the words you dread hearing are, “Your site’s been hacked”. We all know that we should make cybersecurity a priority, but most small business owners feel that their websites are not much of a target, since they don’t have high traffic and don’t store sensitive financial information on the site.

Large corporations spend a lot of money protecting your data, making them very hard targets, and a soft target is all a hacker needs to start sending out spam, or proliferating backlinks to less reputable websites.  Many a small business owner has learned the hard way that hackers will go after seemingly inconsequential sites because they do it with bots on a large scale.  It’s not about hacking your site; it’s about hacking hundreds or thousands of sites.

 

A few simple countermeasures

There are a couple of things that you can do to help maintain the security of your website.  In many cases, these will be enough for sites that do not store very sensitive information.

 

Use Strong Passwords

I am amazed at how many people use very weak passwords on their websites. I am not suggesting that all of us are going to use a 32-character, randomly generated password that changes every 90 days. Choose something of medium to high security (usually 8 characters, with at least one uppercase, lowercase, and special character), and use a password management program to keep track of it, because we can’t remember the sheer number of passwords we need in modern life. If this is still a problem, there are other options that I will get to below.

 

Limit Login Attempts

One very common attack is a brute force attack, where an attacker will try to gain access by logging in with millions of different passwords.  If you set your login to only allow a handful of failed attempts before temporarily locking out the user or the IP address, you will make it very difficult for a brute force attack to succeed.
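The lockout described above, as an added example that is not part of the original article: a small in-memory limiter that counts failed logins per username and per IP address and locks either one out temporarily. The class and function names and the three thresholds are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed policy values; the article only says "a handful" of attempts.
MAX_FAILURES = 5        # failed attempts allowed inside the window
WINDOW_SECONDS = 300    # how far back failures are counted
LOCKOUT_SECONDS = 900   # length of the temporary lockout

class LoginLimiter:
    """Tracks failed logins per key (a username or an IP address)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of failures
        self._locked_until = {}              # key -> time the lockout ends

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is not None and self._clock() >= until:
            # Lockout expired: forget it and start counting afresh.
            del self._locked_until[key]
            self._failures.pop(key, None)
            until = None
        return until is not None

    def record_failure(self, key):
        now = self._clock()
        recent = self._failures[key]
        recent.append(now)
        # Drop failures that have aged out of the counting window.
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS

    def record_success(self, key):
        self._failures.pop(key, None)

def attempt_login(limiter, username, ip, password_ok):
    # Lock is checked before the password, so a locked client learns nothing.
    keys = (f"user:{username}", f"ip:{ip}")
    if any(limiter.is_locked(k) for k in keys):
        return "locked"
    if password_ok:
        limiter.record_success(keys[0])  # the IP keeps its failure history
        return "ok"
    for k in keys:
        limiter.record_failure(k)
    return "denied"
```

Keying on the IP alone misses guesses spread across many addresses, and keying on the username alone lets anyone lock out a known account, so a site owner should expect occasional lockouts of legitimate users and keep the lockout temporary.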

 

Check your computer for viruses

You use your computer to log into your website.  If your computer has a virus, you’ve created a door for hackers to get your passwords and wreak havoc on your digital life.  Get a basic virus scanner, and do regular checks.  Be careful to scan downloads from sources you’re not sure about, and stay away from bad neighbourhoods on the web.  If you are giving hackers access to your computer, then the other security measures we discussed will be of little value.

A Password Alternative

I recently came across a password alternative that I think is pretty cool. Trusona is based on technology that was developed for the US government to authenticate users. Rather than a login screen, the user gets a single button; pressing it takes them to the Trusona login, which shows a QR code. The code is a single-use login. The user then opens the Trusona app (free for iOS and Android) on their mobile device and scans the QR code. The app will then receive a push notification, verifying the login. Press accept, and you’re in, securely, with no password.

WordPress login fields are replaced with a single button

Single-use QR code is scanned with the user’s approved mobile device

User’s device receives push notification verifying the login.

Login is accepted, and user is logged in

Conclusion

Obviously, taking these steps is no guarantee that your site will never get hacked, but these few simple steps can make your site quite a bit harder for hackers to get into, which will greatly reduce the probability of your site being compromised. Hopefully you’ll never hear those dreaded words, “Your site’s been hacked”, again.