![\"Photo](\"http:\/\/moonpupproductions.com\/wp-content\/uploads\/2016\/11\/photo-1468436139062-f60a71c5c892-1024x683.jpg\")
If you\u2019ve ever found yourself in a hacking situation, you are not having\u00a0a good day. Not only do you have to deal with an unfamiliar and urgent technology problem but, as a result of your predicament, your business may take a hit too. In addition, kind folks will email and text you repeatedly\u00a0to inform you about the issue, keeping it in the front of your mind for days.<\/p>\n
A long-time client of mine, Michele Cushatt<\/a>, recently sent me this text:<\/p>\n \u201cI\u2019m soooooo sorry to bother you on a Saturday. My website\/mailchimp was hacked and someone sent out an email to my entire list promoting Viagra. Ugh! People are unsubscribing and marking me as spam. Can you help?\u201d<\/p><\/blockquote>\n If this is your day today\u2014I\u2019m sorry, I feel for you. Michele\u00a0is a blogger and speaker who\u00a0has worked for years to gain\u00a0over 7,000 subscribers. A drop in subscribers as a result of a hack can be confusing and disheartening, but on the bright side,\u00a0I also have some tips for you to make this process as painless as possible and prevent it in the future.<\/p>\n First, let’s talk a little bit about WordPress. WordPress is an excellent platform for a website because it is an easy to use content management system and it’s free. That said, it has been around for a long time and has some issues. If you’re using WordPress\u2014as Michele does\u2014it’s really important that you keep it updated. WordPress\u00a0and plugin\u00a0updates are not just about adding new features, but about adding vital security patches that can prevent\u00a0you from getting attacked in the first place.\u00a0The same principles also apply to other website platforms like Joomla.<\/p>\n In Michele’s case, she had three installations\u00a0of WordPress on\u00a0her server for two different sites. The first was for her main website, the second was on a site backup and the third for a book launch site for her last book, Undone: Making Peace with an Imperfect Life<\/a>\u00a0. (The irony of this book title in this post is not lost on me.) Since the book launch, the site had been largely neglected and contained an old version of WordPress. Though we don’t know for sure if this is how the site was accessed, this was definitely a point of weakness on her site.<\/p>\n After looking through the site, we found malware files that not only created that lovely, little-blue-pill-promoting blog post, but also hid it from her\u00a0in the content management system. So even though the Viagra post was sitting there, ready to be mailed out to her all her subscribers, there was no way for her to know it was there. The first time she saw it was the same time as all 7,000 of her subscribers.<\/p>\n While Michele did a great job at patching up any confusion with her readers, we\u00a0removed the malware and scanned the site for issues, using\u00a0a security service\u00a0called Sucuri,<\/a>* which\u00a0scans customer’s websites every day and emails them\u00a0with alerts to any suspicious files or activities on their sites. After the initial clean-up of the site, my experience has been that\u00a0clients rarely have recurring issues after installation.\u00a0The basic package on Sucuri is $199 a year, and in my opinion is absolutely worth it.\u00a0Another great plugin to install is one that limits the number of login attempts<\/a>. This will protect your site against Brute Force Attacks, where login attempts are repeatedly made until access to the site is gained.<\/p>\n An additional\u00a0area that frequently affects site security is password sharing. Everyone has to share passwords these days, but you do not have to share your passwords over email or social media. By that I mean, DO NOT SHARE YOUR PASSWORDS OVER EMAIL OR SOCIAL MEDIA.\u00a0Everyone knows they aren’t supposed to do this,\u00a0but everybody still does, it’s just easy, but it is absolutely not secure. Also, don’t use the same password for everything. If someone dodgy\u00a0gets one of your passwords, \u00a0they’ll test it out on a few common platforms and soon enough, take over your online presence and hold it for ransom!<\/p>\n Unfortunately, I’m not joking. Online ransom is serious business with\u00a0high stakes. \u00a0A while back, a fellow who\u00a0works with a friend of mine, and who runs a sizable\u00a0online company had his email hacked. After the dubious party accessed his email, they simply searched for the word “password,” and were thus\u00a0able to access his Facebook and Paypal accounts. They cleared out his Paypal balance and then sent him a message on his own Skype account offering to return the money and tell him how they did it, if he paid them $500. Folks, this new internet economy is not always pretty.<\/p>\n To prevent\u00a0password faux pas and have a great place to store them, I’ve been using Lastpass<\/a>* for years. With Lastpass, you only have to remember your login credentials for Lastpass and the program securely remembers the rest. On a free account, you get random password generation, password storage and secure sharing. You won’t even have to think about what to make your password at WhatsThisRash?.com<\/em>, because Lastpass will make it up for you and store it securely. Hopefully, you won’t need to continue\u00a0visiting that particular site, but if you do, you can do it with Lastpass. And Lastpass isn’t the only option\u2014\u00a01password<\/a>\u00a0also gets great reviews.<\/p>\n One other feature that is so useful\u00a0in password sharing programs is the unsharing feature. During\u00a0all the drama with Michele’s hack her hosting provider notified me that the number reason for\u00a0sites being\u00a0hacked is a former disgruntled employee looking for a little payback. While I hope that no one reading this has string of unhappy discarded co-workers, I do hope you’ll stop and think before throwing your login credentials around to anyone and everyone.<\/p>\n One last area to keep your eye on is input forms. Any input boxes you use on your site in contact forms, email collection or commenting can be used for ugly things if they don’t have validation built into them. Validation sanitizes\u00a0any entered data of dodgy contents and encrypts it before it is transferred to your site. This can prevent forms from being used to add snippets of bad code to your site.\u00a0Ninja Forms<\/a>\u00a0is a great option for adding forms to sites and includes that crucial validation step.<\/p>\n Site security is so important. It’s like having a door with a lock on your house. You wouldn’t just go out of town and leave the door wide open, would you? Don’t do that with your website either. It is website is your business, it is your investment, and it is your responsibility to protect it.<\/p>\n To recap:<\/p>\n\n