
The Best Defence Against Hacking and Data Loss for Small to Medium Size Websites

The short answer, in my view, is to do proper backups of your website. I get this question a lot, and while it usually comes from WordPress website owners, it is relevant to other platforms, including Joomla.


This question usually arises because a website owner has come across a blog post or an email scaring the data-bits out of them. But, surprise, surprise, this ‘helpful’ information is, in many cases, accompanied by a product recommendation.

Well, I’m not selling anything here..

The main defence against hackers, spammers, database failures and even web hosts going broke and disappearing altogether is to do PROPER backups of your website regularly. This means NOT relying on plugins or third-party automated software to do this, but doing proper audited backups of all working files and associated databases directly from within cPanel, or whatever hosting system you’re using, and then storing those files in another place. Another place means your computer’s local hard drive, a file server (if you have access to one) or another, separate cloud hosting platform. The more important your data is, the more locations you should keep backups in. It is all about risk mitigation.

Then, if one of the above happens, the site can be restored, even onto another web host if necessary. The frequency of these backups depends on how much time’s worth of work you can risk losing. If the site in question is updated every couple of weeks, then once a month might be fine for you or your organisation. If the site in question is a static site, then once a year, along with updates, is quite possibly fine. A backup could be scheduled on, say, a monthly basis, but if a large amount of work has been put into publishing content in between, it would be wise to have an extra backup done straight after publication.

Some Key Recommendations:

- Do NOT rely on plugins to do your backups; this is a risky practice. Many of these plugins aren’t much more than gimmicks and, in many cases, don’t alert you to or pick up issues such as backing up the wrong database for the website in question. This can happen inadvertently when dramatic changes are made to your website along the way.

- Do NOT have any more plugins installed than you really need; this helps with both the speed and the security of a website. The more plugins in place, the more your site has to do when someone visits it.

- Also, do your research to make sure the plugins you are installing aren’t in fact a Trojan horse.

- Keep the core WordPress install up to date (the same goes for other platforms). Some of these updates include core security upgrades. Regularly change admin login details for both the website and hosting.

- Delete any unnecessary FTP accounts. Only have FTP accounts active when in use, and keep them as restricted as possible.

- If something unusual with the site is noticed, have it investigated straight away. There are a whole bunch of reasons for this. You don’t want visitors to your site seeing unintended content, and you also don’t want search engines to come across this stuff and penalise your site.

- If your site holds sensitive user information, then extra steps may be required to protect your database from attacks. But again, don’t jump down the easy path of dropping in a plugin that looks like it might do this for you.
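The check below is an added example, not part of the original post. It opens a backup archive, confirms that the database dump inside belongs to the database named in wp-config.php (the wrong-database problem mentioned in the first recommendation), and records a SHA-256 checksum you can compare against the copies stored elsewhere. It assumes a .tar.gz archive holding wp-config.php and a mysqldump-style .sql file; the function names and sample data are constructed for illustration.

```python
import hashlib, io, re, tarfile

DB_NAME_RE = re.compile(r"define\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]+)['\"]")

def audit_backup(archive_bytes):
    """Audit an in-memory .tar.gz site backup and return a report dict."""
    report = {"sha256": hashlib.sha256(archive_bytes).hexdigest(), "problems": []}
    config_db, dumped = None, set()
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            if member.name.endswith("wp-config.php"):
                found = DB_NAME_RE.search(text)
                config_db = found.group(1) if found else None
            elif member.name.endswith(".sql"):
                if "CREATE TABLE" not in text:
                    report["problems"].append(f"{member.name}: no tables in dump")
                # Assumption: dump carries mysqldump's "-- Host: ... Database: name" header
                dumped.update(re.findall(r"^-- Host:.*Database: (\S+)", text, re.M))
    if config_db is None:
        report["problems"].append("wp-config.php or its DB_NAME is missing")
    elif config_db not in dumped:
        report["problems"].append(
            f"site uses database {config_db!r}, backup holds {sorted(dumped)}")
    report["ok"] = not report["problems"]
    return report

def build_sample(dumped_db):
    """Constructed sample backup: the site is configured for 'site_live'."""
    files = {
        "public_html/wp-config.php": "<?php\ndefine( 'DB_NAME', 'site_live' );\n",
        "db/backup.sql": f"-- Host: localhost    Database: {dumped_db}\n"
                         "CREATE TABLE `wp_posts` (`ID` bigint);\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body.encode())
            tar.addfile(info, io.BytesIO(body.encode()))
    return buf.getvalue()

if __name__ == "__main__":
    for db in ("site_live", "site_old"):
        result = audit_backup(build_sample(db))
        print(db, "->", "OK" if result["ok"] else result["problems"])
```

For a real backup, read the archive from disk and pass its bytes to `audit_backup`, then keep the reported checksum alongside each off-site copy.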

Even multi-million dollar websites get attacked from time to time; it is how you recover that is the key. WordPress and other reputable blog or website platforms have their own security mechanisms built in; however, hackers are always improving their skills.

Sometimes, even with the greatest and latest security technology in place, it is still the humble backup and recovery system that saves the day.
