If you have a live website, you will have had attempted unauthorised logins to your website. It is like having thieves attempting to enter your house through the back door with a key, any key… You’re essentially hoping that they don’t have the right key to open your back door…
Unauthorised And Uninvited Guests At Your Home (Website)
Running a website is like running a guest house. You want guests to come visit you as often as possible, but you certainly don’t want them wandering around the premises unattended. Especially not lurking around in the many private rooms of your guest house.
There is literally no way of knowing if anybody has attempted to enter your home through the back door, unless you have a security guard manning it. Likewise, there is no way of knowing if anybody has attempted to log into the back-end of your website, unless you have a security system monitoring it.
Unauthorised and uninvited guests will attempt to enter the back-end of your website simply by guessing your registered usernames and passwords. If, by sheer luck, they manage to match a registered username and password, they will have gained entry into the back-end of your website. I shudder to even think what mischief they could do if they actually managed to break in. They can change your content, mess up your format, delete your whole website. Gasp!… They can even delete your username, locking you out of your own website.
Pretending To Be You…
We have heard of incidents of hacking into Facebook accounts. Once in, they will use your account to send spam and/or lewd messages to friends there, or even post spam on your wall too. The best case scenario is that your friends will somehow notice that it is very uncharacteristic of you to say/post such things. Your friends can then inform you of what happened. The worst case scenario is that you will offend your friends unknowingly. And your reputation will be forever tarnished for reasons unknown to yourself.
The truth is that the accounts are not technically hacked. It’s more like the usernames and passwords are made known (or guessed correctly). These perpetrators will have a field day once they gain access to your account. This is as good as identity theft. While they may not have access to your bank account, they certainly can carry out mischief under the guise of your identity. And you end up having to bear the consequences of their irresponsible actions, as they were carried out under your identity.
Getting into your social media account is one thing, but getting into the back-end of your website is a whole other thing altogether. Having access to your website means having access to email addresses originating from your domain name (something you paid for). Spam and malware emails originating from your domain name will not only mar your reputation, but also put your domain name onto spam and malware blacklists. When that happens, any emails originating from your domain name will automatically be diverted to the spam folder. Visitors trying to visit your website will probably get a “potential malware content” warning, essentially turning away traffic.
Your website will essentially be “character killed”…
What Can I Do To Improve Security?
(1) Hard To Guess Username And Password
This is really the most basic thing to do. Whatever you do, never name your account username (especially the admin account) “admin” or the name of your domain. If your domain name is “example.com”, don’t name your username “example”. These are the two most guessed usernames.
The next most basic thing is to make your password really hard to guess. Conventional wisdom will tell you to use a good mix of upper and lower case letters, mixed in with numbers and other non-alphanumeric characters. And don’t stop at just five or six characters. Make it as long as possible. Remember, every additional character you add to your password will increase the number of possible combinations exponentially. In plain language, every additional character you add to your password will make it doubly hard to guess your password correctly.
(2) Employ Some Sort Of Security Measure
Most content management systems (CMS) offer a myriad of web security plugins and extensions. These security systems work in the background, monitoring your website. Their most useful function is to report any attempted unauthorised logins.
Nothing is more important than being aware of what is actually going on. Armed with this knowledge, you can make whatever changes to your accounts to enhance your security.
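To show what such a report of attempted unauthorised logins contains, here is an added example in Python; it is not part of the original article and not taken from any real plugin. The log format, the function name summarise_failed_logins and the threshold of 3 are assumptions made for illustration, and the sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log in a hypothetical format (not from any real CMS or
# plugin). IP addresses are from the reserved documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z login_failed user=admin ip=203.0.113.7
2024-05-01T10:00:03Z login_failed user=example ip=203.0.113.7
2024-05-01T10:00:05Z login_failed user=administrator ip=203.0.113.7
2024-05-01T10:00:09Z login_failed user=admin ip=203.0.113.7
2024-05-01T10:02:11Z login_ok user=k.tan ip=198.51.100.20
2024-05-01T10:05:40Z login_failed user=k.tan ip=198.51.100.20
2024-05-01T10:07:00Z login_failed user=admin ip=192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (login_failed|login_ok) user=(\S+) ip=(\S+)$")

def summarise_failed_logins(log_text, domain, threshold=3):
    """Flag sources with many failed logins and count guessable usernames."""
    # The two most guessed usernames: "admin" and the domain's own name.
    guessable = {"admin", domain.split(".")[0].lower()}
    failures = Counter()             # failed attempts per source IP
    users_by_ip = defaultdict(set)   # usernames each source tried
    guessable_hits = Counter()       # failed attempts per guessable username
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "login_failed":
            continue                 # skip successes and unparseable lines
        user, ip = m.group(3).lower(), m.group(4)
        failures[ip] += 1
        users_by_ip[ip].add(user)
        if user in guessable:
            guessable_hits[user] += 1
    # A source is flagged once it reaches the (assumed) failure threshold.
    flagged = {
        ip: {"failures": n, "usernames": sorted(users_by_ip[ip])}
        for ip, n in failures.items() if n >= threshold
    }
    return {"flagged_sources": flagged,
            "guessable_username_attempts": dict(guessable_hits)}

if __name__ == "__main__":
    report = summarise_failed_logins(SAMPLE_LOG, "example.com")
    for ip, info in report["flagged_sources"].items():
        print(ip, info["failures"], "failures, tried:", info["usernames"])
    print("guessable usernames tried:", report["guessable_username_attempts"])
```

A single mistyped password from a legitimate user stays below the threshold, while one source cycling through several usernames stands out.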
(3) Regularly Change Your Passwords
This method may be a bit of overkill. It is a good practice if you are really paranoid about keeping uninvited guests out of your private party. Changing your password regularly will ensure that even unauthorised logins with sophisticated password generators will not get through.
If you do change your password regularly, just make sure that you don’t accidentally lock yourself out in the process.
Your Website Is Your Reputation
Always remember that your website is representing both you and your business in the cyber world. And nothing is more important than having an accurate representation of you or your business in the eyes of your visitors.
Hence, having control over your website is a very heavy responsibility. Never let them take control of your information dissemination channel.