{"id":2981,"date":"2014-07-05T22:03:44","date_gmt":"2014-07-05T22:03:44","guid":{"rendered":"http:\/\/www.johnthornhill.com\/blog\/?p=2981"},"modified":"2014-07-06T08:16:17","modified_gmt":"2014-07-06T08:16:17","slug":"ever-been-hacked","status":"publish","type":"post","link":"https:\/\/www.johnthornhill.com\/blog\/ever-been-hacked\/","title":{"rendered":"Hacked"},"content":{"rendered":"

\"Hacker<\/a>If you\u2019ve ever been hacked or had a hard drive fail you\u2019ll know how inconvenient and costly it can be. Worse still, if you haven\u2019t backed up you could lose everything.<\/p>\n

Fortunately there are tons of services out there to prevent the worst happening and to also make sure you get things back to normal ASAP should the worst happen. By following just a few simple rules we can all keep our sites and software secure and make sure if the worst should happen, everything can be put back to normal with little effort.<\/p>\n

In this blog post I hope to help to become a little bit more security conscious and hopefully help save you time and heartache if the worst should you fall victim to a hacker or a hard drive failure.<\/p>\n

But before we begin\u00a0I want to ask you a few questions.<\/p>\n

How often do you back up your computer and websites?<\/strong><\/p>\n

Do you ever back up your computer and your websites? If so, how often? I know a lot of people who rarely back up their files and sites, and also some people who don\u2019t back up their stuff at all, and one of the first things I teach all of my students is to always back up your work, life can throw up all sorts of surprises and it is always reassuring to know that if your sites get hacked or your computers hard drive gets fried, that you will be able to grab your back up and have all of your files and sites back in no time.<\/p>\n

If all of your websites disappeared tomorrow could you get them back online?<\/strong><\/p>\n

Picture this, you wake up tomorrow morning, log into your computer, load up your blog, or sales page, or squeeze page and you find a blank page with an error message, you check another page on a different site and find the same thing, and the same on all of your sites. Could you get them all back online, if at all, how long would it take you?<\/p>\n

What if your websites got hacked and came under attack?<\/strong><\/p>\n

Do you think you would be able to stop the attack before anything got deleted or ruined, do you have any security software in place to minimise the damage a hacker could do? Believe me this can happen and has happened to me in the past, if someone hacks your websites, sometimes they will just replace the home page with a page displaying some sort of link or message relating to their product or service, or even a political, religious or racial cause\/views. However, some malicious hackers will simply hack into your server or site, and delete everything they can. If this happened to you, what would you do?<\/strong><\/em><\/p>\n

What if your hard drive failed right now?<\/strong><\/p>\n

What if, as you were reading this blog post, your computer simply shut down and wouldn\u2019t turn back on? what if you take your computer to a computer store and they say they can\u2019t recover the data from the hard drive? What would you do?<\/p>\n

If you struggled to answer any of the questions above then the chances are you don\u2019t have adequate plans in place to protect or recover your work if the worst should happen.\u00a0<\/em><\/strong><\/p>\n

So what can we do to protect our work and our websites?<\/h3>\n

Back up your files to several different external locations.<\/span><\/strong><\/p>\n

You should back up your computer and websites to at least 2 different locations, and I don’t just mean on different files on your computer, I mean 2 different geographical locations. I actually back up to 4 different locations. I have a back up of all of the files on my computer at my office and I have a back up of all of my files at my home, both using a piece of hardware\/software for Mac computers called\u00a0Time Machine\/Time Capsule<\/a>. I also back up to an external hard drive and and online cloud service called Dropbox<\/a>.<\/p>\n

No one wants to talk about this sort of thing, but what if your home were to be damaged in a fire and your computer was destroyed, although it wouldn’t be the first of your worries, in time you would want that work back. But if you don’t have it backed up somewhere else, it\u2019s gone forever. So make sure you back up your files and store the back up in more than one location. A simple external hard drive with a 1 TB capacity can be purchased for around $50, so eve just grabbing a couple of those, backing up your files and putting the hard drives in different places would be better than nothing.<\/p>\n

Keep up to date.<\/strong><\/p>\n

Make sure you websites, scripts and anti virus sofware are kept up to date. A ton of hacks occur because of outdated plugins or scripts, particularly with WordPress. So make sure\u00a0everything is up to date on a regular basis. Most of the time you will be notified when script are available but I would still recommend manually checking every week. Just make a note of all websites that use scripts, databases, php, etc and you should have no issues.<\/p>\n

Backup your websites on a regular basis.<\/span><\/strong><\/p>\n

You also should\u00a0be backing up your websites regularly too, most good web hosts will run regular backups of your server but don\u2019t just rely on them\u00a0to do their backup\u2019s. Maybe once a week just go in and download everything you have online via FTP and store them, again, on an external hard drive. So if the worst should happen, you will have a copy of all of your sites. Personally, I have a back up of every single site I have online, so I know, if one or all of them disappeared tomorrow and for some reason my web host\u00a0not restore them, I would be able to get them back online.<\/span><\/p>\n

Every time you update your website or product, back it up.<\/span><\/strong><\/p>\n

Every time I release a new weeks training on any of my programs, I back up the site, I use a program called WP Twin<\/a> for my WordPress sites (more on that later) which basically copies the whole site and creates a downloadable file which you can store anywhere you like. So literally everything on the site is backed up, the files, the settings, the members, the pages. Everything. Guess what I did with this blog right before I published this post? That’s right, I backed it up with WP Twin<\/a>.<\/span><\/p>\n

Use more than one\u00a0back up service.<\/span><\/strong><\/p>\n

There are tons and tons of online back up services out there, Dropbox<\/a> is a great place to start and there is nothing wrong with using 2 or 3 different services for extra peace of mind. There is a simple reason for this, what happens if you have all of your files backed up with an online service\u00a0and their servers get hacked. You wouldn\u2019t be able to get access to your files and if it was an emergency, you\u2019d be screwed. So try to use more than one service and always plan for the worst case scenario.<\/span><\/p>\n

Back up Tools & Services That I Use<\/b><\/span><\/h3>\n

Time Machine & Time Capsule.<\/span><\/strong><\/p>\n

The time capsule is the physical hard drive which connects to your computer via wifi, and time machine is the software on my Mac\u00a0that sets up everything to automatically back up, every single hour of the day my computers are backed up. So I can go back to specific hours of specific days to get work back that I maybe messed up or lost. It can be very easy to accidentally delete something, so it is always nice to know that if you do, you can go back and get whatever it is you\u2019ve deleted. And of course all of my files are backed up to Dropbox<\/a> too.\u00a0<\/span><\/p>\n

Windows Back up & File Back up.<\/span><\/strong><\/p>\n

If you are using a windows machine, then their operating systems have automated back up features and file restoration software built in, so check you user manual or set up guide or simply Google how to set these up. I find they do not work as well as the Mac versions mentioned above and they are missing some features of the Mac versions, but they serve their purpose nonetheless.<\/span><\/p>\n

Online Backup Services.<\/span><\/strong><\/p>\n

As I mentioned before there are tons and tons of online back up services, just \u00a0search Google and you\u2019ll find plenty to chose from, I\u2019m afraid I can not recommend any of them other than Dropbox<\/a> as that is the only one I have used but there are tons of services that will automatically back up your data.<\/span><\/p>\n

External Hard Drives.<\/span><\/strong><\/p>\n

Again as I have already mentioned, external hard drives are cheap and easy to come by and are invaluable when it comes to keeping your data safe, I would advise you back up to at least 2 of these and possibly more if you can afford them. Also try to just use your external hard drive for back ups only, for example, I have a lot of my music on an external hard drive but separate to the hard drive I use to back up. Just use back up hard drives for back ups only, and maybe even keep it labelled so your family or friends know not to use it for anything else.<\/span><\/p>\n

Other Servers.<\/span><\/strong><\/p>\n

You can create a folder called ‘backups’ on one server and copy everything over from your other server to act as a back up. This won\u2019t do any harm what so ever and most hosting companies will include more than enough file space. You could also use Amazon S3<\/a>, I use Amazon S3 to store my videos, so they are already sort of backed up as they are on Amazon S3. Google Drive<\/a> is also another option.<\/span><\/p>\n

Security Tools & Services That I Use<\/b><\/span><\/h3>\n

Sucuri.<\/span><\/strong><\/p>\n

Sucuri is an online alert system and protection system, you can set it up to alert you if anything bad is happening or even totally lock your site down if something very bad is happening. I have also now set it up so that on some of my sites, my members have to go through a Sucuri<\/a> proxy server before they can access my sites. So Sucuri<\/a> can monitor the traffic that goes to that site and if any vulnerabilities happen or anything bad starts to happen, they can stop it straight away. They can also repair any damage that may get done to your site and any vulnerable spots where hackers may be able to get in. Sucuri<\/a> isn’t cheap but for the peace of mind it brings it’s worth every penny.<\/span><\/p>\n

WP Twin.<\/span><\/strong><\/p>\n

Wp Twin is a service for WordPress sites, that when set up, can clone your whole site, so that if you needed to you could simply deploy the clone, and absolutely everything on the site will be as it was when it was cloned. WP Twin<\/a> turns the clone into a file which you can download and store wherever you like, as I mentioned before I clone my important sites once a week or whenever I make a big change and I have all of the separate clone files saved with my back ups.<\/span><\/p>\n

Passwords<\/h3>\n

You don’t need me to tell you that you have to be very careful when it comes to using passwords, however I know that a lot of people are not security conscious when it comes to using passwords. Here’ssome tips to make sure your passwords stay safe.<\/p>\n

Password\u00a0management.<\/span><\/strong><\/p>\n

With so many passwords to remember I’d be lost if I didn’t use a password management service. 1 Password<\/a> is a cross platform piece of software that I have on all of my devices, which can save your login details for websites which then get encrypted and stored on a secure server. It is a great password management tool and I would be lost without it. Having a system which can save all of your passwords in one place is invaluable and is certainly easier and safer than carrying a little black book with all of your password and details. However, I never use any password management system for my most important logins such as Paypal, banking, eBay, Facebook, etc. All of those passwords are stored in my head and no one else knows them.<\/em><\/strong><\/span><\/p>\n

Don\u2019t share passwords.<\/span><\/strong><\/p>\n

This should go without saying, but do not share your passwords with anyone, this applies to everything from bank details to Facebook passwords. No matter how well you know or trust a person you should always be weary about sharing passwords and details with them. The primary reason is that if you\u2019re sharing details with someone via email, it can\u00a0be very easy for someone to intercept that email and learn your login details. If you absolutely have to share passwords and details with someone, try not to do it over email and try not to mention what the details are for in the same document. E.g. Don\u2019t say, \u201cHi Bob, here are my details for [site name].\u201d<\/span><\/p>\n

If I have to do this I generally send the username via email and the password via text message.<\/p>\n

Use different passwords.<\/span><\/strong><\/p>\n

Try to use different password for all of your sites, or at least for all of your very important sites, I am not going to ask you to memorise 100 passwords but having different passwords for everything means that if someone managed to learn your password for one site, they wouldn’t be able to use the same one to access another site, and you can be dammed sure they\u2019ll try.<\/span><\/p>\n

Use strong passwords.<\/strong><\/p>\n

Passwords like qwerty123 and pass1234 are close to useless, anyone trying to access your stuff is bound to try those sort of passwords first, now obviously you\u2019ll never be able to remember a 20 digit password with symbols, lower case, upper case and numbers, but try to use words and phrases that are unique to you or just totally random words, as long as you’ll be able to remember it if you need to.<\/span><\/p>\n

Use a 2 step login process. (Also known as 2 step Authentication)<\/strong><\/p>\n

This is something I am starting to see more and more of, \u00a0a 2 step login process will ask you for your password and then it will ask you to confirm a passcode via a text message sent to your cellphone. Google uses this service if you try login to Google on a new device, it will ask you to enter a passcode that will be sent to your cell phone number. Thereby ensuring that it is indeed you who is trying to access your account. Microsoft are also doing this sort of thing now and a lot of the big companies are starting to use similar systems. Facebook has a similar system where you need to enter a code from the Facebook app on your cell phone if you login on a new machine. It’s all very clever and adds a high level of security. Now obviously you don\u2019t want to be doing all of this every time you log in to these sites from the same devices but it is good for that added security if someone was to try to access your account.<\/p>\n

In conclusion, what I want you to take away from this blog post is that it is always wise to imagine the worst case scenario when it comes to online security, never think that it wont happen to you and that no hackers would want to target you. Ask yourself \u2018what if\u2019. What if your sites disappeared? What if your computer was destroyed? What if that important password was hacked.<\/p>\n

Never click links in emails.<\/strong><\/p>\n

Tons of hacks occur from phishing emails. This is where an email looks like it’s genuine but isn’t. That email telling you your bank\u00a0account has been\u00a0compromised probably isn’t real but even if it were you should make it a habit\u00a0never ever click a link in an email to login to any website<\/strong>. Always type the address in your browser to be sure.<\/p>\n

Finally, you haven’t won the Microsoft lottery and the King of Nigeria isn’t going to send you $1000,00000,00000 if you reply to his email.<\/strong><\/p>\n

And to be honest if you fall for stuff that you have no chance of staying secure online.<\/p>\n

By taking common sense precautions and becoming more vigilant hopefully you\u2019ll never go through the distress a hacking scenario can cause. I guess you know most of what I have covered but if I have made you be a little more aware then I have done my job \ud83d\ude42<\/span><\/p>\n

I\u2019d love you to share your comments, tips and experiences so if you can add anything to what I have already covered please share your experiences.<\/span><\/p>\n

\"sucuri468x60-1\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

If you\u2019ve ever been hacked or had a hard drive fail you\u2019ll know how inconvenient and costly it can be. Worse still, if you haven\u2019t backed up you could lose…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[8,12],"tags":[],"class_list":["post-2981","post","type-post","status-publish","format-standard","hentry","category-general","category-internet-marketing"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2rQRH-M5","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/posts\/2981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/comments?post=2981"}],"version-history":[{"count":0,"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/posts\/2981\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/media?parent=2981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/categories?post=2981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.johnthornhill.com\/blog\/wp-json\/wp\/v2\/tags?post=2981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}