Due to the fact that a large percentage of websites are being updated by way of Content Management Systems (CMS), hackers have now focused their attention on these systems. This is also the result of the fact that if they manage to find a security weakness in one of these systems, they can gain access to a large number of websites that use that particular system. For example, if they find a weakness in a Joomla (a Content Management System), then they could exploit that weakness, via malware, on a large number of websites that use that Content Management System. In order to protect your website from such malware, all you have to do is to ensure that you follow these 5 steps:
- Keep the CMS program that you‘re using, up to date.
If you‘re website is using of these CMS programs you must keep it up to date at all times. However, this is not enough. If there are any plugins attached to the core program, you will need to update them as well. Software that is not up to date is prone to hacking. Updates are meant to patch the weak parts of a program, so malware that is meant to exploit those weaknesses is rendered useless.
2. Protect your Admin area
Passwords like p4ssw0rd are useless. There is a reason for which you see so many people saying not to use easy to guess passwords. The reason is that they are easy to guess. Your name followed by your birthday or your daughter‘s name followed by her birthday, and so on, are not hard to guess passwords. If you don‘t want to use a software that creates hard to guess/find passwords, then create a password that contains numbers and numbers (this is to increase the time needed to break the password), try to use a language other than English if you know any (this is because most programs that are meant to break your password faster than the normal programs, have English written libraries; if they don‘t know the language in which you wrote the password, the chances that they‘ll find it is reduced considerably)and make it at least 18 characters long (the longer the password the longer it takes to break it; if you make a password longer than 18 characters, the hacker might need 100+ years to break it). Also, in addition to the steps above, you can also create a htaccess authentication. This is a security measure at server level and it encrypts your password making it even harder to break your password 3. Close services that you don‘t use and secure you File Transfer Protocol (FTP)
The hosting company where you are hosting your website might not be very well protected. For example, services like SSH and FTP must be closed if you don‘t use them. Also, port 21 on your FTP program must be closed and try to use only Secure FTP.
4. Create a backup
And in case that you have been hacked, you can employ one of the backup tools available on the market that can restore a previous, uninfected, version of your website. For example, Backup Buddy is a plug-in that will create WordPress website back-ups and send the back-ups to off-site locations like Dropbox. For Joomla, you can use Akeeba Backup. It does exactly the same thing like Backup Buddy.