You’re busy leading your church, school, ministry or business. One day you go to update your website and see something isn’t right. Maybe there’s an error or a spammy link on your site. Maybe your site is completely blank…
You’ve been hacked!
What do you do?
You’ll probably call your web hosting company or the person who designed your website.
For most web hosting companies, their policy is they will help with hosting-related issues like email, but they won’t help with your website itself. Your website is your problem. With most website designers, once you sign-off that your website is done, they will no longer help unless you want to pay them for additional work.
Recently we’ve had a couple of client sites that got hacked.
In both cases, these clients had their websites built cheap by someone else and then months later moved them to OurChurch.Com. The web developer didn’t provide any ongoing maintenance and the clients didn’t know how to update them.
Over time many of the plugins the developers installed became insecure and were no longer being updated by the plugin developers. Hackers exploited these security flaws and uploaded malware into their accounts that sent spam emails to thousands of people.
Now most hosting companies will find and eliminate malware for their clients. (They have to otherwise their servers would get blacklisted for sending spam.) But most most hosting companies put the onus of securing the website on the client.
Securing a website can be pretty tricky
With both of our clients, the hackers had uploaded programs they could use to upload other programs. That meant that even after the website itself was secured, the hackers could still use the uploader programs to more more malicious, spam-sending programs in their account. Fortunately, we were able to track down and eliminate them, but man, did it take a lot of time and effort!
3 Questions to Minimize the Risk of Hacking
1) Are regular backups of your website being made? We make nightly backups of all our clients’ websites and keep them for 30 days. In a worst-case scenario, we can always restore a site to when it was last working.
2) Do you have maintenance plan for your website? Do you either have a plan to update your website on your own as new versions of the core and plugins become available or do you have a paid plan with your website developer so they are making those updates?
3) Do you have a developer or web hosting company that will do whatever it takes to secure your website for you? If a website developer or web hosting company doesn’t do this, they are probably not going to volunteer that information. So, be sure to ask before deciding on a website developer or web hosting company.
Discuss…
Has your website ever been hacked? If so, what happened? Did you have to deal with it yourself or did you have some help from your web hosting company or website developer?
3 Comments
good post.
good post.
Developers must know the answers of these 3 questions which you have included regarding website Hacking. Owner of the website must have a backup in case of hacking website, otherwise there is no other way to resolve that issue which is to request the Hacker. I have a website which hacked last year and [link removed by moderator] help me a lot to get the solution. Infect, that site offer me great security of my site which still runing good.