What I Learned From Being Hacked

Several years ago I was running a portal website on WordPress. I’d spent a number of years building a respected podcast network featuring about 40 podcasts, all built on WordPress. When I look back I was really pleased with what I was able to build out of WordPress and its plugins, but I had a big blind spot.

Wordfence, one of the leaders in WordPress security software, mentioned in a recent post the method that hackers use to identify a new WordPress installation and prepare it for hacking in the future. Another security provider says that more than 30,000 websites get hacked every day.

Mine was one of those sites that got hacked and they not only defaced my site, they were able to access every other site on the network. It was a devastating blow to my business and my reputation. My closest supporters were understanding but the reputation damage had already been done. People would send me emails asking “was the site really safe?” It was a question – at that point – that I could only guess an answer to. It was such a frustrating and stressful time.

This experience taught me a valuable lesson in security. Hacking often isn’t about you, it’s about the ego of the hacker. The thrill comes from being able to exploit vulnerabilities – it’s about being able to demonstrate how smart the hacker is to their friends, at your expense. Where do these security problems come from? They often come from sites that haven’t been ‘locked down’ or from code that hasn’t been updated.

Even software code written by the best programmers can have flaws which create security holes for hackers to exploit.  When you have a website built on a CMS like WordPress, you’ll see regular updates to core software and plugins. These updates don’t just deliver improved functionality, they plug vulnerabilities as well. That’s why keeping your site updated is so important.

Just like a bully, hackers go for a weak and easy target. They search for security holes that can be easily exploited. They often share information with each other about security vulnerabilities, and then write automated scripts to go out in search of people who haven’t patched the holes.

By taking simple precautions you can make your site a less attractive target for hackers.  With a strong security plugin and by keeping your site updated you can stand up to these online bullies.  It doesn’t mean that you’ll never be attacked or that hackers will not try to disrupt your site, but it will make it harder for them to achieve their goal.

Taking backups that are stored apart from your website will help you if your site is ever compromised. Being well prepared means your site won’t be disrupted for long when a security event happens. Before you are attacked, you should practice restoring your site from backup so you know how to do it.

If you don’t feel you have the skills to secure your site, you can have peace of mind for just a few dollars each month. Asporea’s WordPress Protection Plan offers daily backups, core updates and plugin upgrades. We also offer a complimentary health check to ensure that your site hasn’t been compromised. To find out more, check out our WordPress Protection Plans.

WordPress SSL for Free with Let’s Encrypt

SSL Certificates encrypt the connection between your site and your visitor’s browser, preventing hackers from intercepting and stealing personal information. Installing an SSL certificate on your domain name is a great move and now with Let’s Encrypt and Asporea you can get SSL for free.

Historically, SSL certificates were difficult to install, and they could cost you upwards of USD 90 a year. It was a cash-cow business for the security industry, and many people were taken for a ride by overinflated prices.

Let’s Encrypt offers a free way of getting many of the same security benefits for your site – without the cost. It’s taken the traditional paid model and turned it on its head with open source. Let’s Encrypt offers certificates for free, and it’s backed by companies like Facebook, Mozilla, Google Chrome, Cisco and Sucuri. The Let’s Encrypt platform makes installing SSL certificates automatic, simple and free for all.

What is SSL?

SSL (Secure Sockets Layer) certificates were invented in 1996 to secure web connections between the website and the visitor. In 1999, the protocol was improved and became Transport Layer Security (TLS). TLS is still used today, although people know it better by the old name. Sites that show a green https prefix in the browser are secured with an SSL certificate.

Websites that accept personal information, like online shopping sites, use certificates to prevent hackers from stealing this information.

WordPress sites can benefit from a certificate because of the login page – it is possible for hackers to steal login information from non-secure sites.

About Let’s Encrypt

Let’s Encrypt is run by the Internet Security Research Group (ISRG) and is a registered Certificate Authority. This means it is authorised to issue SSL certificates.

The project wants to secure the entire web. Let’s Encrypt lets you install a certificate by running a couple of commands via shell access and installing a Let’s Encrypt Automatic Certificate Management Environment (ACME) client. Certificates are installed almost immediately.

Now included with Asporea cPanel hosting

Now, clients with Asporea can quickly add Let’s Encrypt certificates directly from their control panel. This functionality allows you to secure any domain in your hosting environment almost immediately.  Certificates will renew automatically, and sites will be secure in minutes.

To find out more about our cPanel hosting plans, visit https://asporea.hosting.  For 25% off your hosting, subscribe to our blog. All subscribers receive this discount for the life of their purchase.
