If you’ve ever been hacked or had a hard drive fail you’ll know how inconvenient and costly it can be. Worse still, if you haven’t backed up you could lose everything.

Fortunately there are tons of services out there to prevent the worst from happening and to make sure you get things back to normal ASAP if it does. By following just a few simple rules we can all keep our sites and software secure and make sure that, if the worst should happen, everything can be put back to normal with little effort.

In this blog post I hope to help you become a little bit more security conscious and hopefully save you time and heartache should you fall victim to a hacker or a hard drive failure.

But before we begin I want to ask you a few questions.

How often do you back up your computer and websites?

Do you ever back up your computer and your websites? If so, how often? I know a lot of people who rarely back up their files and sites, and some who don’t back up at all. One of the first things I teach all of my students is to always back up your work. Life can throw up all sorts of surprises, and it is always reassuring to know that if your sites get hacked or your computer’s hard drive gets fried, you will be able to grab your backup and have all of your files and sites back in no time.

If all of your websites disappeared tomorrow could you get them back online?

Picture this: you wake up tomorrow morning, log into your computer, load up your blog, sales page or squeeze page, and you find a blank page with an error message. You check another page on a different site and find the same thing, and the same on all of your sites. Could you get them all back online at all, and how long would it take you?

What if your websites got hacked and came under attack?

Do you think you would be able to stop the attack before anything got deleted or ruined? Do you have any security software in place to minimise the damage a hacker could do? Believe me, this can happen and has happened to me in the past. If someone hacks your websites, sometimes they will just replace the home page with a page displaying some sort of link or message relating to their product or service, or even to a political, religious or racial cause. However, some malicious hackers will simply hack into your server or site and delete everything they can. If this happened to you, what would you do?

What if your hard drive failed right now?

What if, as you were reading this blog post, your computer simply shut down and wouldn’t turn back on? What if you took your computer to a computer store and they said they couldn’t recover the data from the hard drive? What would you do?

If you struggled to answer any of the questions above then the chances are you don’t have adequate plans in place to protect or recover your work if the worst should happen. 

So what can we do to protect our work and our websites?

Back up your files to several different external locations.

You should back up your computer and websites to at least 2 different locations, and I don’t just mean to different folders on your computer, I mean 2 different geographical locations. I actually back up to 4 different locations. I have a backup of all of the files on my computer at my office and another at my home, both using a piece of hardware/software for Mac computers called Time Machine/Time Capsule. I also back up to an external hard drive and to an online cloud service called Dropbox.

No one wants to talk about this sort of thing, but what if your home were to be damaged in a fire and your computer was destroyed? Although it wouldn’t be the first of your worries, in time you would want that work back. But if you don’t have it backed up somewhere else, it’s gone forever. So make sure you back up your files and store the backup in more than one location. A simple external hard drive with a 1 TB capacity can be purchased for around $50, so even just grabbing a couple of those, backing up your files and putting the hard drives in different places would be better than nothing.

Keep up to date.

Make sure your websites, scripts and anti-virus software are kept up to date. A ton of hacks occur because of outdated plugins or scripts, particularly with WordPress, so check that everything is up to date on a regular basis. Most of the time you will be notified when script updates are available, but I would still recommend manually checking every week. Just make a note of all websites that use scripts, databases, PHP, etc. and you should have no issues.

Back up your websites on a regular basis.

You should also be backing up your websites regularly. Most good web hosts will run regular backups of your server, but don’t just rely on them to do their backups. Maybe once a week, go in and download everything you have online via FTP and store it, again, on an external hard drive, so if the worst should happen you will have a copy of all of your sites. Personally, I have a backup of every single site I have online, so I know that if one or all of them disappeared tomorrow and for some reason my web host could not restore them, I would be able to get them back online.
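The multi-location rule above and the weekly site download, as an added example that is not code from the original post: it archives a local copy of a site, copies the archive to two destinations standing in for an external drive and a cloud-synced folder (assumed paths, temporary here), and re-hashes every copy so a half-written or corrupted backup is caught now rather than on the day you need it.

```python
"""Archive a site, fan it out to several destinations, verify every copy.

Added example, not code from the original post. Destinations stand in for
the post's external drive and cloud folder; checking each copy's SHA-256
catches a half-written or corrupted backup now, not on the day you need it.
"""
from __future__ import annotations

import hashlib
import shutil
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in 1 MiB chunks so large archives need not fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_archive(site_dir: Path, work_dir: Path, label: str) -> tuple[Path, str]:
    """Create <label>-<UTC stamp>.tar.gz of site_dir; return (path, sha256)."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = work_dir / f"{label}-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname=label)  # relative paths, so it restores anywhere
    return archive, sha256_of(archive)


def replicate(archive: Path, expected: str, destinations: list[Path]) -> dict[str, bool]:
    """Copy the archive to each destination and re-hash the copy.

    Returns {destination: verified}. A destination that is unreachable,
    not writable, or whose copy hashes differently is reported as False
    rather than skipped: an unnoticed failed backup is worse than none.
    """
    results: dict[str, bool] = {}
    for dest in destinations:
        try:
            dest.mkdir(parents=True, exist_ok=True)
            target = dest / archive.name
            shutil.copy2(archive, target)
            # sha256sum-style sidecar so the copy can be checked without this script
            (dest / f"{archive.name}.sha256").write_text(f"{expected}  {archive.name}\n")
            results[str(dest)] = sha256_of(target) == expected
        except OSError:
            results[str(dest)] = False
    return results


def backup(site_dir: Path, destinations: list[Path], label: str = "site") -> dict:
    """Archive site_dir into a temp dir, replicate it, and summarise the result."""
    with tempfile.TemporaryDirectory() as tmp:
        archive, digest = make_archive(site_dir, Path(tmp), label)
        copies = replicate(archive, digest, destinations)
    return {"sha256": digest, "copies": copies,
            "good_copies": sum(copies.values()), "all_ok": all(copies.values())}


if __name__ == "__main__":
    # Constructed sample: a tiny "site" and two destination folders, all temporary.
    with tempfile.TemporaryDirectory() as root:
        site = Path(root, "public_html")
        site.mkdir()
        (site / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (site / "wp-config.php").write_text("<?php // constructed sample config\n")
        dests = [Path(root, "external_drive"), Path(root, "cloud_sync_folder")]
        print(backup(site, dests))
```

Point `dests` at a mounted external drive and a Dropbox folder and the same script serves the post's two-location rule; a `False` entry in `copies` is the signal to investigate before trusting that location.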

Every time you update your website or product, back it up.

Every time I release a new week’s training on any of my programs, I back up the site. I use a program called WP Twin for my WordPress sites (more on that later), which basically copies the whole site and creates a downloadable file which you can store anywhere you like. So literally everything on the site is backed up: the files, the settings, the members, the pages. Everything. Guess what I did with this blog right before I published this post? That’s right, I backed it up with WP Twin.

Use more than one backup service.

There are tons and tons of online backup services out there. Dropbox is a great place to start, and there is nothing wrong with using 2 or 3 different services for extra peace of mind. There is a simple reason for this: what happens if you have all of your files backed up with one online service and their servers get hacked? You wouldn’t be able to get access to your files, and if it was an emergency you’d be screwed. So try to use more than one service and always plan for the worst case scenario.

Backup Tools & Services That I Use

Time Machine & Time Capsule.

The Time Capsule is the physical hard drive which connects to your computer via Wi-Fi, and Time Machine is the software on my Mac that sets everything up to back up automatically; every single hour of the day my computers are backed up. So I can go back to specific hours of specific days to get back work that I may have messed up or lost. It can be very easy to accidentally delete something, so it is always nice to know that if you do, you can go back and get whatever it is you’ve deleted. And of course all of my files are backed up to Dropbox too.

Windows Backup & File Backup.

If you are using a Windows machine, the operating system has automated backup features and file restoration software built in, so check your user manual or setup guide, or simply Google how to set these up. I find they do not work as well as the Mac versions mentioned above and are missing some of their features, but they serve their purpose nonetheless.

Online Backup Services.

As I mentioned before, there are tons and tons of online backup services; just search Google and you’ll find plenty to choose from. I’m afraid I cannot recommend any of them other than Dropbox, as that is the only one I have used, but there are tons of services that will automatically back up your data.

External Hard Drives.

Again, as I have already mentioned, external hard drives are cheap and easy to come by and are invaluable when it comes to keeping your data safe. I would advise you to back up to at least 2 of these, and possibly more if you can afford them. Also try to use your external hard drive for backups only; for example, I have a lot of my music on an external hard drive, but it is separate from the hard drive I use to back up. Just use backup hard drives for backups only, and maybe even keep them labelled so your family or friends know not to use them for anything else.

Other Servers.

You can create a folder called ‘backups’ on one server and copy everything over from your other server to act as a backup. This won’t do any harm whatsoever, and most hosting companies will include more than enough file space. You could also use Amazon S3; I use Amazon S3 to store my videos, so they are already sort of backed up because they are on Amazon S3. Google Drive is another option.

Security Tools & Services That I Use

Sucuri.

Sucuri is an online alert and protection system: you can set it up to alert you if anything bad is happening, or even to totally lock your site down if something very bad is happening. I have also now set it up so that on some of my sites my members have to go through a Sucuri proxy server before they can access my sites, so Sucuri can monitor the traffic that goes to that site and, if a vulnerability is being exploited or anything bad starts to happen, they can stop it straight away. They can also repair any damage that may get done to your site and fix any vulnerable spots where hackers may be able to get in. Sucuri isn’t cheap, but for the peace of mind it brings it’s worth every penny.

WP Twin.

WP Twin is a service for WordPress sites that, when set up, can clone your whole site, so that if you needed to you could simply deploy the clone and absolutely everything on the site will be as it was when it was cloned. WP Twin turns the clone into a file which you can download and store wherever you like. As I mentioned before, I clone my important sites once a week or whenever I make a big change, and I have all of the separate clone files saved with my backups.

Passwords

You don’t need me to tell you that you have to be very careful when it comes to using passwords; however, I know that a lot of people are not security conscious when it comes to using passwords. Here are some tips to make sure your passwords stay safe.

Password management.

With so many passwords to remember, I’d be lost if I didn’t use a password management service. 1Password is a cross-platform piece of software that I have on all of my devices, which can save your login details for websites; these are then encrypted and stored on a secure server. It is a great password management tool and I would be lost without it. Having a system which can save all of your passwords in one place is invaluable, and is certainly easier and safer than carrying a little black book with all of your passwords and details. However, I never use any password management system for my most important logins such as PayPal, banking, eBay, Facebook, etc. All of those passwords are stored in my head and no one else knows them.

Don’t share passwords.

This should go without saying, but do not share your passwords with anyone; this applies to everything from bank details to Facebook passwords. No matter how well you know or trust a person, you should always be wary about sharing passwords and details with them. The primary reason is that if you’re sharing details with someone via email, it can be very easy for someone to intercept that email and learn your login details. If you absolutely have to share passwords and details with someone, try not to do it over email, and try not to mention what the details are for in the same message. E.g. don’t say, “Hi Bob, here are my details for [site name].”

If I have to do this I generally send the username via email and the password via text message.

Use different passwords.

Try to use different passwords for all of your sites, or at least for all of your very important sites. I am not going to ask you to memorise 100 passwords, but having different passwords for everything means that if someone managed to learn your password for one site, they wouldn’t be able to use the same one to access another site, and you can be damned sure they’ll try.

Use strong passwords.

Passwords like qwerty123 and pass1234 are close to useless; anyone trying to access your stuff is bound to try those sorts of passwords first. Now obviously you’ll never be able to remember a 20-character password with symbols, lower case, upper case and numbers, but try to use words and phrases that are unique to you, or just totally random words, as long as you’ll be able to remember it if you need to.

Use a 2 step login process (also known as 2 step authentication).

This is something I am starting to see more and more of. A 2 step login process will ask you for your password and then ask you to confirm a passcode sent to your cellphone via text message. Google uses this if you try to log in to Google on a new device: it will ask you to enter a passcode that will be sent to your cell phone number, thereby ensuring that it is indeed you who is trying to access your account. Microsoft are also doing this sort of thing now, and a lot of the big companies are starting to use similar systems. Facebook has a similar system where you need to enter a code from the Facebook app on your cell phone if you log in on a new machine. It’s all very clever and adds a high level of security. Now obviously you don’t want to be doing all of this every time you log in to these sites from the same devices, but it is good for that added security if someone were to try to access your account.
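An added example (not from the original post) of the code-generator variant mentioned above for the Facebook app: a time-based one-time password per RFC 6238, together with the check a site would run on its side. The secret is the RFC’s published test value, not a real account, and the replay guard (`used`) is an assumption about how a careful server would behave.

```python
"""How the authenticator-app half of a 2 step login works (RFC 6238 TOTP).

Added example, not code from the original post. The site and your phone
share a secret once (the QR code); afterwards both compute
HMAC-SHA1(secret, current 30-second window) and keep six digits of it, so
a code expires within seconds and a stolen password alone no longer opens
the account. SMS codes differ only in how the code reaches you.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import struct
import time


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"   # keep leading zeros


def totp(secret_b32: str, at: float | None = None, step: int = 30, digits: int = 6) -> str:
    """What the app displays: HOTP with counter = floor(unix_time / step)."""
    now = time.time() if at is None else at
    return hotp(secret_b32, int(now // step), digits)


def verify(secret_b32: str, submitted: str, at: float | None = None, step: int = 30,
           window: int = 1, digits: int = 6, used: set[int] | None = None) -> bool:
    """Server-side check.

    Accepts the current window and `window` steps either side (phone clock
    drift), compares in constant time, and when `used` is supplied refuses
    to accept the same window twice, so a code seen in transit is not replayable.
    """
    now = time.time() if at is None else at
    base = int(now // step)
    for delta in range(-window, window + 1):
        counter = base + delta
        if hmac.compare_digest(hotp(secret_b32, counter, digits), submitted):
            if used is not None:
                if counter in used:
                    return False
                used.add(counter)
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 test secret ("12345678901234567890" in base32); not a real account.
    SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    code = totp(SECRET, at=59)
    print("code at T=59:", code)                    # 287082 per the RFC vectors
    print("accepted:", verify(SECRET, code, at=59))
    print("30s later, still within drift window:", verify(SECRET, code, at=89))
    print("two minutes later, expired:", verify(SECRET, code, at=179))
```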

In conclusion, what I want you to take away from this blog post is that it is always wise to imagine the worst case scenario when it comes to online security. Never think that it won’t happen to you and that no hackers would want to target you. Ask yourself ‘what if’. What if your sites disappeared? What if your computer was destroyed? What if that important password was hacked?

Never click links in emails.

Tons of hacks occur through phishing emails. This is where an email looks like it’s genuine but isn’t. That email telling you your bank account has been compromised probably isn’t real, but even if it were, you should make it a habit never, ever to click a link in an email to log in to any website. Always type the address into your browser to be sure.
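An added example (not from the original post) of why that advice holds: the text you read in an email and the address the browser actually opens are independent. The checker below parses an email’s HTML and flags links where the two disagree, where the target is a bare IP address, or where the trusted name is buried inside someone else’s domain. The sample message and its domain names are constructed here using reserved names.

```python
"""Spot email links whose visible text and real destination disagree.

Added example, not code from the original post. Lists anchors whose text
names a different domain than the href, whose href is a bare IP address,
or where the trusted domain is buried inside an unrelated one. The sample
message is constructed here and uses reserved .example/.invalid names.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A hostname-looking thing in visible text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")  # IPv4 only; use ipaddress for v6 too


def host_of(url: str) -> str:
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()


def registrable(host: str) -> str:
    """Last two labels: a crude stand-in for a public-suffix lookup (co.uk etc.)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


class LinkCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []   # (href, visible text)
        self._href: str | None = None
        self._text: list[str] = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str, trusted_domain: str) -> list[tuple[str, str, str]]:
    """Return (href, text, reasons) for each anchor a reader could be misled by."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        shown = HOST_IN_TEXT.search(text)
        if shown and registrable(shown.group(1).lower()) != registrable(host):
            reasons.append("visible text names a different domain than the href")
        if IPV4.fullmatch(host):
            reasons.append("href points to a bare IP address")
        if trusted_domain in host and registrable(host) != trusted_domain:
            reasons.append(f"'{trusted_domain}' is buried inside an unrelated domain")
        if reasons:
            flagged.append((href, text, "; ".join(reasons)))
    return flagged


# Constructed sample message (reserved names only); the third link is genuine.
SAMPLE_EMAIL = """<p>Dear customer, your account has been compromised.</p>
<p><a href="http://yourbank.example.secure-login.invalid/verify">https://www.yourbank.example/login</a></p>
<p><a href="http://203.0.113.10/reset">Reset your password</a></p>
<p><a href="https://www.yourbank.example/help">https://www.yourbank.example/help</a></p>"""

if __name__ == "__main__":
    for href, text, why in suspicious_links(SAMPLE_EMAIL, "yourbank.example"):
        print(f"{text!r} -> {href}\n    {why}")
```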

Finally, you haven’t won the Microsoft lottery, and the King of Nigeria isn’t going to send you $1000,00000,00000 if you reply to his email.

And to be honest, if you fall for stuff like that you have no chance of staying secure online.

By taking common sense precautions and becoming more vigilant, hopefully you’ll never go through the distress a hacking scenario can cause. I guess you know most of what I have covered, but if I have made you a little more aware then I have done my job 🙂

I’d love you to share your comments, tips and experiences, so if you can add anything to what I have already covered please share.



    14 replies to "Hacked"

    • Steve Thomas

      Hey John,
      Great Post on this. I find security is generally left as a last resort for people because they never think this will happen to them, that is of course until the day that it does and they only wished that they had backed everything up.

      It happened to me when I was using a shared hosting option with a well known provider and although I always write my blog posts or page content into a Word document and save that to my PC before uploading to my site, it still didn’t help that much when I lost everything on the site. I had months of posts on my hard drive but had to put them all back up one by one, which was a real nightmare.

      I’ve since moved my hosting over to WPEngine and have their added feature of daily backups with a 1 click feature to revert to a restore point. Backups are made every day and are kept for 60 days. I’ve never had an issue with hacking since being with WPEngine, which suggests they are very much on top of any threats that are made towards sites that they host.

      Just as you use Amazon S3, I’ve got a cloud files storage facility with Rackspace and it is ridiculously cheap, just 7p per GB of storage and this can hold whatever file type you want to put in there. My bill is literally a few £’s a month.

      I also use a combination of WANGuard and Wordfence on a number of other sites too and am yet to face problems with either of those protecting the sites.

      Keep the great information coming!

      Oh and by the way, I miss the Monday morning rants! I want to start a petition to get them going again!

      All the best,
      Steve

    • zora

      Thanks John, those are some good ideas on ways to back up your content. I had not thought about using Dropbox like that.

      Regards
      Zora Blume

    • Terry Conti

      Hey John, you never fail to give quality information that people can actually use. I really liked reading your post because if someone thinks they are secure, after reading your post they will become more educated and better protected.

      I know I got reminded about a few things to add security. Love what you said about emails. You can’t be too loose clicking on links to log in to other websites.

      I love the 2 key words about what your blog post is all about, and that is common sense. Most marketers out there will not think about the worst. Great useful post!

    • alan jones

      John
      What course of action do you suggest if your e-mail address book gets hacked and contacts keep getting mails appearing to be from you? Obviously you do not want them to delete you in order to stop the flow.

    • darren walsh

      Great post John this is all I am hearing lately sites getting hacked! You provide some useful solutions which I will be implementing myself.

      Many thanks

    • Torsten Müller

      Hey John,

      unfortunately people don’t always think about security and backups, so it can’t be said often enough how important it is.

      With just a few tools one can be on the safe side and protect their most valuable assets from being lost forever. And the best is it can be all automated.

      I am doing regular backups of my local data on an external hard drive and of my websites to Dropbox with a WordPress plugin.

      For security I use a WordPress plugin that helps to protect the blog and locks gremlins out after suspicious behaviour.

      It is unbelievable how many regular attacks I can see in the log files.

      Cheers,
      Torsten

    • Kerry Russell

      Hey John.

      Just goes to show that those dirty little gremlins can hack any one of us, at any time.

      I always install WordPress manually now for added security. 1 click software like Fantastic is the fastest and easiest way to install WordPress…

      BUT they also leave your site vulnerable to hackers because the installation settings are easier to guess.

      And since my site was hacked earlier this year I’m now using Wordfence. Already, it’s saved my site several times.

      Thanks
      Kerry Russell

    • Tim

      Nice one John, you’ve given tips for other systems & ideas I can employ in addition to ones I currently use.

      Cheers
      Tim

    • Kevin Baker

      Hi John,

      I don’t know how many times I have had to “rescue” clients because of a poor attitude to basic security. The “it’ll never happen to me” syndrome drives me crazy, but at the same time it makes me a ton of money.

      Security is not hard but it does require the right tools, attitude and more than anything basic awareness of the real threat.

      Great post, with solid tips on staying aware. I use most of the tools you have mentioned, plus a few you won’t even know about. But that’s my business and I’m good and dedicated to it.

      Kevin

    • Donald MacLeod

      Hi John,

      I don’t back up often enough. It’s time I did. Great post John.

      Donald

    • Brad

      Great post, John.

      The best thing anyone can do to practice security, even after using all the tips or resources in this post, is to not become complacent and foolishly believe that they are fully protected and their system is impenetrable. It doesn’t matter if you use a Mac or a PC. Technology is advancing every day for the bad guys as well as for the good guys. Don’t think for a minute that just because you locked one door that they won’t look for another door and another door and another door. The work is often very rewarding if they are successful so the hacker doesn’t give up easily. Unfortunately, it is their business.

      If a computer store ever told me that they could not fix my computer or recover my data it would not surprise me at all. I certainly would not take their word as gospel. Of course, I haven’t found a computer store that I would trust with my computer and my data and I haven’t found one that is more competent than I am in retrieving data. We have recovered much data that “computer stores” said that they could not recover. We have started computers that “computer stores” could not start. To each their own, but a computer store has not and will not ever lay one finger on my computer.

      One of the most important things that anyone can do that you did not mention is to create an emergency rescue or boot disk for their computer. This disk can often save you hours of headaches and hundreds of dollars.

      Practicing security is not a one and done deal. Don’t believe that you can set it and forget it. You can but it could be devastating to your data and your business.

    • Cararta

      Hi John,

      Great guide for beginning to explore the Website Security Problem.

      I have and use several of your solutions, including an external hard drive, but I have mixed saved programs etc. into the storage. But it did come in handy when my old computer died, was able to move it and continue working because I had even saved what I needed to install the programs on another computer.

      I love WP Twin, but I have another program called Backup Creator (featured on the front page of my site) that is a newbie’s dream. I had a problem navigating S3 setup and requested a video from the BC creator on how to do it. Instead he added cloud (and some free storage) into the plugin, which by the way you can program to do backups automatically and store where you want them stored (Dropbox, Google, S3) and even notify you with an email! Greatest love is how simple it is to use. Install the plugin (just like any other WP plugin), click back up, store and done. Love it! I have even moved working WP sites with just a few clicks to new domains and even new servers. No geeky programming required.

      Several of my sites use a theme that has Timthumb coded in and running. But it is easy to download the scanner from http://wordpress.org/plugins/timthumb-vulnerability-scanner/ and fix. Unfortunately, before I knew this I had an unwelcome visitor who was able to quietly hack several of my shared hosted domains and exploited the sites for their own use. Turned out to be another user on our shared hosting. A nightmare. But HG security scanned and fixed the problem, though I had to remove the theme and reinstall later.

      Like Kerry Russell I am now trying to manually install WP, but on my old sites I use BPS, a WP plugin (free from Wp.org), to fix part of the problem, and another one called WP security plus that does the rest. Wordfence is great but uses a lot of CPU, so I install, use and remove it so I don’t get closed down again for excessive CPU use.
      Sorry the post is so long, but when it comes to security and finding something you can use without being a geek, then having a good SECURELY stored working backup copy of your site is your greatest security, as the BC creator will tell you over and over!
      Don’t know what happened, ended up with two comments. Comes from having too many windows and tabs open. Guess delete the one you don’t want!

      Thanks, enjoyed the post, a needed reminder unless you want Gucci bags or those famous sunglasses showing in your AWstats as your main SERPS, which is what I noticed and couldn’t figure out the why. Hacked is why, through an old version of Timthumb being used by a theme on my site, according to HG after a security scan.

    • franco

      Thanks for your great tips on saving the website text from being lost. For me, I use two PCs, that is at my office and at my home. I think in case my website disappears, at least it will be saved on one of my PCs. Another suggestion is to save all your valuable documents (text) on a pen-drive, they will be safe there.

    • Matthew Crump

      Hey John,

      Great Post on a Hot Topic at the moment with all the Infected and hacked WordPress Sites.

      I myself am guilty of NOT backing up my sites often enough, which I need to take care of and back those bad boys up, and this post has reminded me why I need to do it more often.

      Thanks for the great tips and resources Mate

      -Matthew
