Yeah, I know, boring subject.
The answer is, not really. Fixing a hacked site is not necessarily expensive, but what is expensive is losing business through a compromised website.
No, having a hacked site, is not fun. I should know. You get that helpless anger feeling, and you don’t know what to do.
But, I got everything fixed and I put a few precautions in place.
You need to understand that a website gets hacked because of various holes that it has. There are security vulnerabilities, which the average website owner is simply ignorant about:
- A very easy password and username to crack
- Viruses in your own local computer that get uploaded to your site as you’re updating it.
- Old code on an un-updated website.
- Or the use of an unsafe or bad plugin or script on your site
There are the solutions to those “holes” above in sequential order.
- For your site usernames and passwords do not, do not, do not use “admin” and “123abc”. Use a random password and username generator, that uses a good string of 10+ numbers, letters and symbols, and changes them periodically. You can also get a password manager like LastPass, which can generate and help you keep track of different passwords for your various user accounts, including your banking and financial information; you just have to use one master password.
- Viruses on your own computer, this is less likely, but you also want some version (even a free version) of anti-malware software installed on your computer like Malwarebytes, and run them at least weekly, or every couple days. Yeah, I know, inconvenient, but how inconvenient is it to see your website and/or computer hacked? Don’t click indiscriminately on any link or banner ad, you might see regardless of how provocative it might me.
- Old code on an un-updated website; if you have a WordPress, Joomla, or Drupal website (called CMS’s, or content management systems) you need to regularly (at least once a month) update them. You can usually do it will a simple click of a button. These updates come out for an important reason, to plug or fix any security holes.
- Unsafe plugins or scripts. Don’t fall for that plugin that claims to turn your website around, and make it do wonderful things, magically making your tons of new visitors and customers. Chances are it is made by some fly by night, developer who just wants to make a quick buck and it’s shoddily written and/or it’s abandoned a few months later, causing security vulnerabilities that some roving hacker-bot can seize up and make your life a living nightmare. It happens.
- Make backups, a good website host will make daily backups of your site in case something happens.
So, Update, Monitor and make Backups of your site. A good host will help you with auto-backups and even security monitoring and fixes; but always keep everything updated on your website.
Hire a web-guy (or -gal) let them handle the details. Call us at GrowthDev, we can fix it for you, turnaround time is about 24-48 hours. Put our 20 years experience on the web at your disposal.