Several new clients have come to us because they have a hacked website. One factor that greatly affects the security of your website is your password. Hackers can (and will) get into a website that uses weak passwords.
A password is your first and last line of defense in computer and website security. Typically people choose bad passwords because they are easy to remember. However, you wouldn't leave the door to your home unlocked because it is too much of a hassle to unlock it before you open the door, would you? A weak password is the same thing.
Using words that appear in a dictionary, in any language, makes cracking your password that much easier. Adding numbers to a dictionary word doesn't increase the password's strength at all. Even with character replacements like capital letters and non-alphanumeric symbols, you're not getting a stronger password.
A truly strong password should consist of 8 or more characters and be part of a “passphrase”. A passphrase consists of a phrase that has special meaning to you, therefore making it easier to remember. For example:
Mickey Mouse for President. It would be awesome!
One simple approach to create a better password is to take the first letter of each word in your passphrase, giving you:
That looks seemingly random, and it's a fairly hard password to crack. But why not make it harder by using the punctuation from the sentence?
Now that is a much harder password to crack. Why stop there, though? Let's make it even stronger by capitalizing some letters and adding numbers.
Now you have a truly difficult password to crack, but it is still fairly easy to remember. To make it even stronger, you can salt it with non-alphanumeric character replacements for greater difficulty. For example, replacing an “a” with an “@” leaves you with:
Do's and Do Not's of Password Security:
Do:
- Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
- Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
- Try using the initial letters of a phrase you love, especially if a number or special character is included.
- Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character.
Do not:
- Use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license plates, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
- Use any word in any language spelled forward or backward.
- Tie passwords to the month. For example, don't use “Mayday” in May.
- Create new passwords that are substantially similar to ones you've previously used.
Note: No password is 100% secure. You still must take basic security precautions such as not sharing your password with others, changing it frequently and changing it immediately if you believe it may have been compromised.
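The "Do not" rules above can be checked automatically when a password is set. The following is an added example, not code from this page: the word list, the replacement table and the 0.8 similarity threshold are constructed assumptions, and a real check would load a full dictionary.

```python
import re
from datetime import date
from difflib import SequenceMatcher

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "mayday", "dragon", "welcome", "mickey", "secret"}
MONTHS = ("january february march april may june july august "
          "september october november december").split()
# Common character replacements, mapped back to the letter they stand for.
UNDO = str.maketrans("@4310$57", "aaelosst")
EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")  # digits/symbols at either end


def base_forms(password):
    """Lowercased candidates with replacements undone and edge digits stripped."""
    low = password.lower()
    return {EDGES.sub("", low).translate(UNDO),
            EDGES.sub("", low.translate(UNDO))}


def weaknesses(password, personal=(), previous=(), today=None):
    """Return the 'Do not' rules (plus the 8-character minimum) a password breaks."""
    today = today or date.today()
    forms = base_forms(password)
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    # Added numbers and replacements are already removed in `forms`.
    if any(f in WORDS or f[::-1] in WORDS for f in forms):
        found.append("dictionary word, forward or backward")
    if any(p.lower() in f for p in personal if p for f in forms):
        found.append("contains personal information")
    # Heuristic: the current month's name appears inside the password.
    if any(MONTHS[today.month - 1] in f for f in forms):
        found.append("tied to the current month")
    if any(SequenceMatcher(None, password.lower(), old.lower()).ratio() >= 0.8
           for old in previous):
        found.append("substantially similar to a previous password")
    return found


if __name__ == "__main__":
    for pw in ("Mayday2024", "P@ssw0rd123!", "n0gard", "Wdtg2tZ,e5S?"):
        print(pw, weaknesses(pw, today=date(2024, 5, 1)))
```
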
First off, if your site was hacked, you have our sympathy. It's really frustrating – not only because it's troublesome to your visitors, but it's really difficult to completely remove the hack.
We offer website scanning for malware, adware, and signs of hacking. We offer malware removal and firewall installation for WordPress websites.
Are you sure it's hacked?
Unless your website has obviously been defaced, go to http://www.google.com/safebrowsing/diagnostic?site=your domain name — if your website has been hacked, it should show a warning here.
If this doesn't show an error, it's possible your website has still been compromised, but it's less likely. We can perform a thorough scan of a WordPress website and install a firewall to help protect from future attacks.
Change your passwords
If your site's been hacked, you need to immediately change all of your passwords. We recommend using strong passwords.
Restore from backup
If you have a backup of your website (and database) that you know wasn't corrupted, you should re-upload it to your hosting account.
Remove the hack
You're going to need professional help with this. We offer malware removal for HTML and WordPress websites.
Identify & fix the weakness
To prevent your site from getting hacked again, you should identify how your site was compromised. There are two types of weaknesses: passwords and structural problems.
Most hacks happen because the attacker was able to guess your account's password by brute force. By simply changing your password (and using a stronger one this time), you can prevent these attacks from succeeding in the future.
Structural weaknesses require thorough testing to identify and professional help to resolve.
An SSL certificate ensures safe, easy, and convenient Internet browsing and shopping. Once an Internet user enters a secure area — by entering credit card information, email address, or other personal data, for example — the website's SSL certificate enables the browser and Web server to build a secure, encrypted connection. The SSL “handshake” process, which establishes the secure session, takes place discreetly behind the scenes without interrupting the consumer's shopping and/or browsing experience. A “padlock” icon in the browser's status bar and the “https://” prefix in the URL are the visible indications of a secure session in progress.
By contrast, if a user attempts to submit personal information to an unsecured website (i.e., a site that is not protected with a valid SSL certificate), the browser's built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely look elsewhere to conduct business or make a purchase.
If your site doesn't use SSL, please contact us. We'd be happy to help you secure your site!
An SSL certificate creates an encrypted connection designed to protect sensitive information. You know you are on a website that has an SSL certificate when you see https:// in the URL bar.
We always recommend SSL certificates for websites that process financial transactions or collect personal information. This includes all e-commerce websites. Because of recent changes by Google, we are now recommending SSL for every business website.
As of July 2018, the web browser Google Chrome will more prominently identify websites that do not have an SSL certificate. Visitors will now see the words “not secure” next to the URL of websites that do not have a properly configured SSL certificate.
Because this could act as a deterrent to anyone visiting a website using Google Chrome, we recommend that all websites have an SSL certificate, even if they do not process financial transactions, sell products or request personal information. Although Google Chrome is the only browser that is changing the way it handles websites without an SSL certificate, we expect the rest (i.e. Safari, Firefox, Edge, etc.) to eventually follow suit.
If your website does not have an SSL certificate, don’t worry, we can completely set it up for you. The cost to implement SSL is usually less than $100 per year.
Have additional questions about an SSL certificate or websites in general? Feel free to call or e-mail us.
Wildcard SSL certificates secure your website URL and an unlimited number of its subdomains. For example, a single Wildcard certificate can secure www.coolexample.com, blog.coolexample.com, and store.coolexample.com.
Wildcard certificates secure the common name and all subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area to the left of the common name.
If you request your certificate for *.coolexample.com, you can secure:
If you request your certificate for *.www.coolexample.com, you can secure:
Wildcard certificates secure websites just like regular SSL certificates, and requests are processed using the same validation methods. However, some Web servers might require a unique IP address for each subdomain on the Wildcard certificate.
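To check which hostnames a wildcard request will cover before ordering, the sketch below applies the usual browser matching rule, in which the asterisk stands for exactly one left-most label. It is an added example, not code from this page; the function names are hypothetical, and whether the bare domain is also listed on the certificate depends on the issuer and is modelled here as an extra name.

```python
def covers(pattern, hostname):
    """True if one certificate name (optionally starting with '*.') covers hostname.

    The '*' matches exactly one left-most label, so it never spans
    two levels of subdomain and never matches the bare domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Hostnames that none of the certificate's names cover."""
    return [h for h in hostnames
            if not any(covers(n, h) for n in cert_names)]


if __name__ == "__main__":
    # Constructed list of hosts a site owner might want to secure.
    hosts = ["coolexample.com", "www.coolexample.com", "blog.coolexample.com",
             "store.coolexample.com", "mail.www.coolexample.com"]
    for names in (["*.coolexample.com"],
                  ["*.coolexample.com", "coolexample.com"],
                  ["*.www.coolexample.com"]):
        print(names, "does not cover:", uncovered(names, hosts))
```
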
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.
A certificate serves as an electronic “passport” that establishes an online entity's credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user's browser accesses the server's digital certificate and establishes a secure connection.
An SSL certificate contains the following information:
- The certificate holder's name
- The certificate's serial number and expiration date
- A copy of the certificate holder's public key
- The digital signature of the certificate-issuing authority