Online identity theft is something most people don’t consider. It happens overnight, and it takes a lot of time and effort to undo the damage and recover your website or online identity. In some cases, such as Facebook, Twitter or other social media accounts, you never recover it.
Internet Marketing Inc. has recently received many requests to investigate and repair websites and online identities that have been attacked. While doing the research and repair on these websites, I have discovered several simple settings that, if corrected, could have prevented these websites from ever being attacked. This information could help any of you on a personal level as well as professionally and should apply to all your online accounts:
1. Never use “easy to break” username and password combinations like: webmaster/admin or admin/admin or passwords like: password, god, 123456, abcdefg, etc.
2. Never use birthdays, anniversaries or phone numbers that might be public information and can be linked back to your website or account – keep in mind that many accounts use your email as the login, so it only takes a little guessing to try a few basic passwords to hack your account.
3. I highly recommend using a password that is a minimum of 8 characters and contains at least one symbol and one or two numbers (for an even more secure password, use at least one capital letter). Sample: Pass@2010! Be creative; sometimes a tough password can be easy to remember, like g0gr33n!.
4. Change all passwords on all accounts (FTP, CMS, CPanels, server/hosting access, etc.) after a website goes live (even if the developer is your best friend) – always check with the development person or team to ensure any password changes will not affect the live site – typically, only changing a database password will affect the live website. If it’s necessary for a developer to access a website after it has gone live, set up a special FTP account and then remove it once they’re done. This limits the number of possible risks and makes it easier to find the source once an attack occurs.
5. For Joomla or WordPress websites – always keep them updated with the most recent release (if possible – in some cases, older plugins may break on running updates – always double check and backup your work).
a. WordPress has a great article called “Hardening WordPress” that you can implement for extended protection from outside attacks.
6. If you have a respectable server/hosting account, pay a little extra for server antivirus protection. In most cases, it’s a free add-on, but if not, it’s usually only a few dollars extra per month. What’s your time worth to avoid having to restore your website after it has been compromised?
7. Limit FTP accounts and CMS access (WordPress, Joomla, etc.). For CMS, take advantage of user-level security options. Not everyone needs to have admin rights to a WordPress installation.
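Items 1 to 3 above can be checked automatically when an account is created or a password is changed. The following is an added example, not code from the original article: the function names, the date formats tried and the 7-digit phone match are assumptions made for illustration.

```python
import re
from datetime import date

# Weak values named in item 1 of the list above.
WEAK_PASSWORDS = {"password", "god", "123456", "abcdefg", "admin", "webmaster"}

def date_variants(d):
    """Common ways a birthday or anniversary is typed into a password."""
    formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y", "%m%d", "%Y")
    return {d.strftime(f) for f in formats}

def audit_password(password, username="", email="", dates=(), phones=()):
    """Return a list of findings; an empty list means items 1-3 are met."""
    findings = []
    lowered = password.lower()
    # Drop separators so 06/01/2010 and 555-1234 are still recognised.
    digits_only = re.sub(r"\D", "", password)

    # Item 1: easy-to-break values and pairs such as admin/admin.
    if lowered in WEAK_PASSWORDS:
        findings.append("common password")
    if username and lowered == username.lower():
        findings.append("same as username")

    # Item 2: public personal data, including the email used as the login.
    local = email.split("@", 1)[0].lower()
    if len(local) >= 3 and local in lowered:
        findings.append("contains email name")
    if any(v in digits_only for d in dates for v in date_variants(d)):
        findings.append("contains date")
    for phone in phones:
        tail = re.sub(r"\D", "", phone)[-7:]  # local part of the number
        if len(tail) == 7 and tail in digits_only:
            findings.append("contains phone number")
            break

    # Item 3: minimum of 8 characters, at least one symbol and one number.
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if not any(not c.isalnum() for c in password):
        findings.append("no symbol")
    if not any(c.isdigit() for c in password):
        findings.append("no number")
    return findings

if __name__ == "__main__":
    # Constructed sample input: the article's sample password and a made-up date.
    print(audit_password("Pass@2010!", dates=[date(2010, 6, 1)]))
```

The article's sample password passes the length and character rules but is flagged once the owner's 2010 anniversary is supplied, which is the overlap between items 2 and 3 that a simple complexity check would miss.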