
The time before the holidays become busy is a great time to recheck your web site’s security. It is frustrating but true: the bad guys are always trying to break into websites and servers. There are a variety of reasons for this, including:
- Bringing a site/server down for political or social reasons
- Taking over unused storage space and processing time
- Creating tunnels to and from other servers
- Stealing client information
After a popular business’s WordPress site was hacked, I thought it would be useful to provide a blog about security for those responsible for existing company websites. While not an exhaustive list, here are some quick suggestions about how to make sure your site is “buttoned up” and secure, with some steps on how to recover if your web site becomes broken. The main sections of this blog include:
- Keep your site’s software up to date
- Add extra security
- Have backups
- Check in on your web property regularly
- Steps to begin fixing a broken web site
- Special Notes for Ecommerce sites
If you have questions, keep reading and make sure to contact your webmaster, hosting service’s support team, or a professional web development company such as Link to Visibility. Don’t forget to read the bonus section at the end of this blog: Getting it right–from the start.
1. Keep Your Site’s Software Up-to-date
Hackers look for out-of-date software because the code is easier to hack. It is critical to make sure the following software elements are up-to-date. These elements are listed in order of how frequently changes occur, most frequent first:
- Plugins
- Core software
- Theme
If a plugin or theme is no longer supported, begin looking for replacements. In addition, old software elements may not be compatible with more recent versions of PHP and MySQL/MariaDB. Conversely, newer plugins and themes may not be compatible with older PHP and database versions. Either way, a combination of old and new site coding often creates problems that cause a site to crash. Keeping it all up-to-date is a great way to keep the site secure and stable.
2. Add Extra Security
Plugins like Wordfence and WPS Hide Login act like your site’s in-house bouncers when properly configured. These security plugins allow you to easily:
- Change login points
- Alert you about logins which might not be authorized
- Enforce strong passwords
- Block common login names used to attack a site
- Throttle or block unwanted activity
- Alert you if there are problems on a server or software updates
- Hide configuration information
- Add a firewall to your site
Some sites can use the free versions of these plugins; higher visibility sites should consider the paid versions which offer extra features and more monitoring.
3. Have Backups
Make sure you regularly back up your website and that you know how to find and use the backups. Backups are your insurance policy against:
- Software (theme and plugin) issues
- Data loss
- Hacks that corrupt a site and its content
Many hosts offer backups in upgraded (e.g. non-basic/entry-level) hosting packages. These packages may also offer testing or development sites which can allow you to try new designs or site features in a protected, non-public version of your site. A development site, with current information, may even be the easiest way to restore a site in an emergency. Backups should be a conscious part of your web maintenance.
4. Check In On Your Property
I always encourage site owners to think of their property as “real property” instead of just a bunch of electronic files. Just as you wouldn’t leave a house unwatched for long periods of time, check on your website regularly in both desktop and mobile versions to ensure its proper function and display. One critical time to do this is after you update your plugins because you can check for issues that might have been caused by regular maintenance.
Don’t forget, when you look at your site, always make sure that the cache has been recently cleared. Browsers may show a cached version, hiding issues that have cropped up. In addition to clearing any caching plugins you use on your site, another good way to try to force the current version is to add “?nocache=1” to the end of a URL, e.g. linktovisibility.com?nocache=1. If your site has a search function or store, test those functions too.
Another quick check that many don’t think about is looking at the pages that are indexed on Google. Sometimes hacked materials are cleverly hidden and don’t show up in a quick check. To see what pages have been indexed try:
- Search Google for site:yourdomain.com
- Log in to Google’s Search Console and look at Indexing => Pages
- Review your Google Analytics
5. Steps to Begin Fixing a Broken Web Site
While it may seem scary to discover your site is down, it is important to not panic. A site that is broken could just mean that a plugin has an error. Take a deep breath and contact your first line of support, your developer or web host. Here are some steps you will need to take to get things back up and running, clean and stable.
- Check and change all logins to accounts related to your website.
- Try to figure out:
  - When things went amuck, e.g. when the hack occurred. This will make identifying a good, clean backup easier.
  - What the hackers did and how they did it, so you can fix the site and prevent future attacks.
- Find a backup copy of your site. If you have a hosting package that allows you to have a test site, try it there first to confirm that the backup is good.
- Add and carefully configure a security plugin to help prevent future problems
- Be aware that sometimes the pages that are created are not visible in your administrative panel. You can see what pages might have been added by looking at the Google site search, analytics or Google Search Console.
- Once your cleaned-up site has been launched, use Google’s Search Console to ask to have the rehabbed site reindexed and to request removal of spurious pages.
- If users have accounts on your site, you will need to notify them and have them change passwords.
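The indexed-page check described in sections 4 and 5 can be scripted once you have a list of the URLs Google has indexed. The Python below is an added example, not part of the original post; the domain, the two URL lists and the function names are constructed for illustration. It reports indexed URLs on your domain that match no page you know you published, ignoring cosmetic differences such as “www”, trailing slashes and the “?nocache=1” parameter.

```python
from urllib.parse import urlsplit

# Constructed sample data. In practice KNOWN is the list of pages and posts in
# your admin panel, and INDEXED is an export from Search Console (Indexing => Pages).
KNOWN = [
    "https://www.example.com/",
    "https://www.example.com/about/",
    "https://www.example.com/shop/",
    "https://www.example.com/blog/holiday-hours/",
]
INDEXED = [
    "http://example.com/about",
    "https://www.example.com/shop/?nocache=1",
    "https://www.example.com/blog/holiday-hours/",
    "https://www.example.com/wp-content/uploads/cheap-pills.html",
    "https://www.example.com/about/?p=replica-watches",
    "https://other-site.example.net/",
]
IGNORED_PARAMS = {"nocache"}  # the cache-busting parameter from section 4


def normalize(url):
    """Reduce a URL to (host, path, query) so cosmetic variants compare equal."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    path = parts.path.rstrip("/") or "/"
    params = sorted(p for p in parts.query.split("&")
                    if p and p.split("=", 1)[0] not in IGNORED_PARAMS)
    return host, path, "&".join(params)


def unexpected_pages(indexed, known, site_host):
    """Return indexed URLs on site_host that match no known page."""
    known_keys = {normalize(u) for u in known}
    site = normalize("https://" + site_host)[0]
    findings = []
    for url in indexed:
        key = normalize(url)
        # Other hosts are out of scope; unknown paths or queries are suspicious.
        if key[0] == site and key not in known_keys:
            findings.append(url)
    return findings


if __name__ == "__main__":
    for url in unexpected_pages(INDEXED, KNOWN, "www.example.com"):
        print("Not a page you published:", url)
```

Anything the script reports is a candidate for review on the server and for a removal request in Search Console after cleanup.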
Don’t hesitate to contact a professional web development firm for assistance. Doing a bit of preventative maintenance and planning can minimize your risk of website crashes and hacking. Folks will still try, but their chances of success will be greatly decreased.
6. Special Concerns for ECommerce Sites
If you have an ecommerce site and/or store customer information, you should take extra precautions before you get hacked. Not only do you want to ensure your site and customer information are safe, you want customers to trust you. A safe site supports your brand’s reputation too. Keep your site’s software up-to-date and take additional preventative measures such as:
- Using a secure, well-known payment gateway
- Protecting customer information and accounts by requiring strong passwords, limiting the information you retain, and making sure that roles/permissions assigned to customer accounts are appropriate
- Preventing ecommerce fraud such as chargeback fraud
- Preventing spam if allowing user reviews and comments
Bonus Section: Getting it right–from the start.
If you are just beginning the process of creating a website or adding new functionalities, keep the following things in mind, in addition to the ideas above.
- Pick a reliable host and make sure that you have backups from the beginning.
- Make sure that you pick themes and plugins that are from reputable sources which have a proven track record of stability and security.
- Don’t use “admin”, your company name, or other obvious choices as the administrative login.
- Keep track of accounts and their permissions if you have multiple people editing and maintaining a site.
- Use secure passwords.
- Have an SSL certificate.
- Shut down unneeded features (example: post from an email) and control how forms accept and process data to limit the ways a site can be attacked.
Are you looking for additional assistance or advice?
The Link to Visibility team has a variety of resources to help identify problems, provide solutions to security issues, and keep your site updated.
Learn more by contacting us today. Call 724-698-7861 or use our online form.